• SOFTWARE DEVELOPMENT 




The Industry Newspaper for Software Development Managers 



ISSUE NO. 044 

MKS Revs Source-Code 
Management Tools 3 

JCP Elects New 

Executive Committees 3 

SpiritSoft Caches 

XML f Java 3 

XYZFind Upgrades 

XML Database 4 

XML on Wall Street 

Draws 1 f 000 4 

Instantiations Bundles 
Code Refactoring, IDE 
Enhancements 6 

Persistence Extends 

Data Caching 6 

Expresso Struts 

With Java 9 

HP Begins Phaseout 

Of e3000 Servers 11 

Flashline Gives Component 
Manager a Makeover 12 

Versata Looks to Rule 

In J2EE Environments 12 




Q&A With 
New Software 
David Nagel . 



Sun Lays Out Blueprints For 
Wireless Development 14 

Z-World Mates Programmable 
Devices With Internet 14 

Impulsesoft Adds Bluetooth 
To 'Radio Neighborhood' . . .15 

SPECIAL REPORT: 
Real-Time 
Operating 
Systems 




A BZ MEDIA PUBLICATION $7.95 

www.sdtimes.com 



CURLING UP WITH A GOOD WEB 

New SurgeLab development environment 
fosters Curl's notion of executable Internet 



BY DAVID RUBINSTEIN 

Curl Corp., inventor of a client- 
side runtime that implements 
its vision of an executable and 
extensible Internet, has finally 
released its SurgeLab 1.0 con- 
tent development environment. 

The objective of the Curl 
runtime, which was introduced 
in April, is to combine the rich- 
ness and functionality of a client- 
side application with the flex- 
ibility and ease of deployment of 
a server-based solution. "People 
can't put up with delays over the 
Web" created by downloading 
ever-larger files, according to 
Bob Batty, Curl's vice president 
of sales and marketing. The com- 
pany's technology leverages the 
power in desktops, making plug- 
ins a one-time problem, he said. 

ne of the advantages of the 
Curl runtime, Batty claimed, is 



reduced consumption of band- 
width. By generating the pre- 
sentation layer's content on the 
client, rather than transmitting it 
down from the server, Curl 
applications can pass data and 
instructions back and forth 
rather than rich bandwidth- 
intensive content. "Oracle appli- 
cations, for instance, download 
an entire JVM with the appli- 
cations, and overwrite what you 
had before," Batty said. "If you 
can create structures that don't 
consume bandwidth, you're 
offering huge value." Another 
advantage, according to Batty, 
is the ease "of making 250,000 
seats compatible. That's not 
ideal for client environments." 

Batty took a swipe at Java, 
claiming it is "not a high-perfor- 
mance client-side environment 

► continued on page 9 



Jasmine Out 
As CA Ends 
Name Game 

Finalizes brands for information 
management product lines 



BY DAVID RUBINSTEIN 

Jasmine is out. AIIFusion, Ad- 
vantage and CleverPath are in. 
After months of internal 
wrangling, Computer Associates 
I nternational I nc. late last month 
finalized the brands for its broad 
information management soft- 
ware group and announced sev- 
eral product updates in that area. 



Back in J une, CA defined its 
three main business areas 
as infrastructure management, 
information management and 
business process management, 
and further subdivided those 
into the areas of enterprise 
management, security, storage, 
portal and knowledge manage- 

► continued on page 8 
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CleverPath ECM categorizes all enterprise content and digital assets. 



Oracle Sees Java Tools Market in Its Future 

But primarily where enterprises use Oracle database, app server 



BY ALAN ZEICHICK 

With the release of its latest 
J2EE application server and 
J Developer tools suite, Oracle 
Corp. has attracted attention in 
the Java community. But is the 
Redwood Shores, Calif. -based 
company serious about becom- 
ing a leader in the J ava tools mar- 
ket—or it merely using J Devel- 
oper and 9iAS to bolster sales of 
its flagship Oracle9i database? 
We talked to Bill D wight, vice 
president for application devel- 



opment tools, about Oracle's 
intent and future directions for 
Oracle's tools business. 

SD Times: Is JDeveloper primar- 
ily a tool for selling 9iAS and 
9iDB r or is it meant to stand 
alone as its own tool, like Sun's 
Forte or Borland's J Builder? 
Bill Dwight: Yes and yes. You 
can use J Developer just for J ava 
programming; it's got some 
capabilities that Forte and 
J Builder don't offer. Developers 
can use it even if they never 
look at an Oracle database. But 
the reality is that nearly every- 
one out there has an Oracle 
database. I f you do have an ra- 
cle database, JDeveloper has 
additional capabilities. It works 
fantastically with Oracle, and 
degrades gracefully for those 




Oracle looks at Java, XML and SQL 
as a 'triumvirate/ says Dwight. 

people who use other databases. 
People make the assumption 
that J D eveloper is for develop- 
ing only for the Oracle platform, 
but that's not true. There are 



capabilities like Code Coach 
and profilers that are general- 
ly useful for Java developers, in 
the same way that Visual Studio 
and Visual C++ were always 
generically useful even outside 
the M icrosoft platform. 
I've never seen any marketing or 
promotion by Oracle specifically 
saying, "Java developers: Want a 
great tool? Throw away your 
J Builder, throw away your Visual 
J++, use JDeveloper." Are we like- 
ly to see that kind of messaging? 
Oracle sells a lot of stuff — 
we're different than Borland, 
where all they do is tools. 
[Tools] are always going to be 
secondary to our message 
about selling our platforms. 
The tools are there to a) make 
our application developers 

► continued on page 11 
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MKS Revs Source-Code Management Tools 

Claims Source Integrity Enterprise's graphical source viewer beats Rational^ ClearCase 



BY ALAN ZEICHICK 

M KS I nc. claims to be moving 
past industry giant Rational 
Software Corp. with its latest 
version of Source Integrity 
Enterprise Edition (SIEE), its 
source-code configuration man- 
agement application that was 
scheduled to ship the first week 
in December. 

According to Dave Martin, 
vice president of product de- 
velopment, the two biggest 
changes in the product are 
the introduction of a Web- 
based client for accessing the 
source-code repository, and 
the ability to view software 
projects in a graphical mode, 
allowing developers to see 
where changes have taken 
place and where branches may 
have occurred for different 



versions of a codebase. "It's 
hard to see this type of history 
in a [text] list," he said. 

Martin said that MKS' 
graphical view of a project also 
can be directly manipulated for 
merging code revisions, a capa- 
bility he claimed goes beyond 
Rational's ClearCase. "If you 
want to merge branches of 
code, you can just drag and 
drop, and we'll take care of the 
merge," he explained. "This 
goes beyond ClearCase, in that 
you can not only see the world, 
but also change the world" in 
the graphical view. 

This new capability is to be 
found only in the Enterprise 
E dition of the Source I ntegrity 
product. "It's going to be in 
SIEE, not in the base level 
[product]," said Martin, refer- 
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Source Integrity Enterprise Edition now provides a graphical view of code 
branches, and allows changes to be merged via a drag-and-drop operation. 



ring to Source Integrity Stan- 
dard Edition. "We will be 
updating the base product in 
February next year." He indi- 
cated, however, that as there 



JCP Elects New Executive Committees 



BY ALAN ZEICHICK 

With low voter turnout— no 
more than 22 percent— Sun 
M icrosystems Inc.'s Java Com- 
munity Process has elected new 
members to its two executive 
committees, one for Java 2 
Standard Edition and Enter- 
prise E dition, the other for J ava 
2 M icro Edition. 

E ach of the executive com- 
mittees has 16 members. Ten 
of those members are nomi- 
nated by the JCP's Program 
Management Office, which, 
according to Sun, "nominates 
members to fill the vacant rat- 
ified seats with due regard for 
balanced community and 
regional representation." Five 
seats are voted for in an open 
election. The final seat on 



each executive committee is 
held permanently by Sun. The 
terms are staggered, with five 
of the seats open for election 
each year. 

In October, Apache Soft- 
ware Foundation, Borland and 
Caldera were nominated for 
the J2SE/J2EE committee's 
ratified seats by the Program 
Management Office, and all 
were duly elected by the mem- 
bers. Twelve companies were 
nominated for two open-elec- 
tion seats, and the winners 
were Macromedia and Nokia, 
replacing WebGain, which lost 
its seat, and Accenture, which 
did not self-nominate in the 
election, according to a Sun 
spokesperson. 

Similarly, this year's ratified 



seats on the J2M E committee 
went to Insignia, Research in 
Motion and Sony. There were 
nine companies nominated for 
the two open-election seats. 
Zucutto Wireless was re-elect- 
ed, and Texas I nstruments was 
elected for the first time, 
defeating Wind River's re-elec- 
tion bid. 

According to Pricewater- 
houseCoopers, which monitor- 
ed the voting, only 13 percent 
of JCP members voted in the 
election for ratified executive 
committee seats, and 22 per- 
cent voted for the openly 
elected seats. 

The executive committees 
play a crucial role in advancing 
J ava Specification Requests and 
approving compatibility tests. I 



are many low-cost or free 
source-code configuration man- 
agement products on the mar- 
ket, M KS' emphasis will be on 
adding features to the enter- 
prise product. 

SIEE 8.2 also includes the 
ability to bundle changes made 
in one development path into a 
package, and then selectively 
apply those changes to other 
development paths on that 
project. "It's helpful when you 
want to be able to make a mass 
merge of changes, like bug fix- 
es, into another branch of 
development," explained Mar- 
tin, who said that configuration 
management packages gener- 
ally don't do a good job in this 
area. "We let you say 'I want to 
apply bug fixes 1, 3 and 7 to 
this build,'" he said. 

For the new release, MKS 
(www.mks.com) has integrated 
SIEE with Borland's J Builder 
5.0 and 6.0 J ava I D E s. The prod- 
uct also works with IDEs from 
M icrosoft, Starbase, Sybase and 
WebGain, and runs on Linux, 
Unix and Windows workstations. 



Also in early December, 
MKS updated Integrity Man- 
ager (IM ), its process- and 
workflow-management appli- 
cations that can be used 
in conjunction with SIEE. Ac- 
cording to Martin, there are 
three major improvements 
found in I M 4.3: group policies 
for e-mail notification rules, 
multilevel group levels for 
users and groups, and visibility 
into other configuration man- 
agement systems. 

In the past, explained Mar- 
tin, individual users configured 
I M to alert them when specific 
actions occurred to the code- 
base, such as a change to a 
module requiring review, or a 
code merge that had to be 
approved. Sometimes, he said, 
those alerts were set incorrect- 
ly, so that developers or man- 
agers received too many or too 
few alerts. "Now, managers 
don't have to leave that in the 
hands of the users," he said, 
noting that the new centralized 
e-mail notification feature lets 
administrators define those 
rules for groups of users. The 
ability to create custom groups 
allows managers to set up pro- 
ject approval on multiple levels. 
IM 4.3 now can manage appli- 
cations on more than one plat- 
form, he said. Previously, it 
worked with Source Integrity 
Enterprise Edition, but with 
the latest version it can also 
provide visibility into projects 
managed by Implementer, 
M KS' code management appli- 
cation for the AS/400. By mid- 
2002, Martin said, he expects 
the next version of Integrity 
M anager to be able to interact 
with Rational's ClearCase. I 



SPIRITSOFT CACHES XML, JAVA 



BY ALAN ZEICHICK 

Six months after the product's 
announcement, SpiritSoft Ltd. 
is making its active J ava-based 
message cache system general- 
ly available. The new Spirit- 
Cache 1.2— the previous ver- 
sions were offered only to beta 
customers— is due to ship in 
mid-December. 

SpiritCache is based on 
J cache, the temporary caching 
API that Oracle Corp. submit- 
ted to the Java Community 



Process earlier this year, 
according to Nigel Thomas, 
director of product manage- 
ment at SpiritSoft (www.spirit- 
soft.com). "We've had a client 
cache in our products before," 
he said, "but then we became 
involved in the J cache expert 
group. J cache was proposed as 
a temporary client cache for 
distributed applications, and 
allows for multiple caches, 
each of which can talk to each 
other. It's a complement to 



messaging: If you update a 
message, you can broadcast it 
out to the caches." 

Thomas characterized J cache 
as being a tool for developers— 
not a packaged application. 
"It's a universal caching frame- 
work," he explained, "halfway 
between a toolkit and an ap- 
plication. It's different than a 
Web page accelerator or a per- 
sistent object cache. This is 
a cache for data that's primarily 
read, only updated occasional- 



ly, and where reduc- 
ing the transmission 
time and bandwidth 
is important." 

He described the 
cache as containing 
a single Java API 
that lets applica- 
tions and applica- 
tion servers work 
with cached data 
and objects, includ- 
ing XM L mes- 
sages. He said that 
it's a consistent interface for 
J2EE, J2SE and J2ME-based 
applications, which makes it use- 
ful for distributing it on servers, 




SpiritCache's APIs can be accessed by client and 
server applications using J2EE, J2SE or J2ME. 



rich clients and wireless or 
mobile devices. 

Pricing for SpiritCache was 
not available by press time. I 
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XYZFind Upgrades XML Database 



BY CHRISTINA M. PURPI 

XYZFind Corp. last month re- 
leased version 2.0 of its native 
XML database, XYZFind Serv- 
er, to include new features 
such as a SOAP interface, a 
stock word selector, a Boolean 
NOT operator, and improve- 
ments to its XM L document 
round-trip features. 

The XYZFind repository 
communicates via HTTP with 
XM L. Although multithreading 
was not possible in its original 
version, it has been added to 
version 2.0, according to Kelvin 



Ginn, product manager for 
XYZFind (www.xyzfind.com). It 
also now allows concurrent 
read/write. 

In version 2.0, "we exposed 
the opportunity for users to 
defer commits and tightened 
the version of the transaction 
server that updates documents 
with soft commit mode, which 
caches information," Ginn said. 

Previous to this release, ex- 
posed configuration options were 
managed as environment vari- 
ables. In version 2.0, environ- 
ment variables are now exposed 




The console includes query templates and a display of configuration settings. 



through a display as a part of the 
database, Ginn explained. 

Version 2.0 brings about 
improvements to document 
round-tripping, which now re- 
tains all white space and char- 
acter differences when retriev- 
ing documents, per the XML 
1.0 specification. 

"In order to support query- 
over attribute values, our query 
language includes a directive 
in the XYZ name space," Ginn 
said. "Everything that you can 
do to an element, you can now 
do to an attribute, for example, 
to use a Boolean search." 

Another feature added to ver- 
sion 2.0 is a Boolean N OT oper- 
ator that will eliminate a word 
from an XM L index or search. 
Searchers also can choose to 
suppress common noise words, 
such as "a" and "the," which help 
to eliminate unnecessary search 
results, said Ginn. 

"We feel we are one of the 
earliest small players to recog- 
nize the potential in a world 
filled with XML and disparate 
XML," said Ginn. 

XYZFind Server is available 
now for L inux, Solaris and Win- 
dows; pricing starts at $10,000 
per processor. I 



XML on Wall Street Draws 1,000 



BY CHRISTINA M. PURPI 
AND DAVID RUBINSTEIN 

NEW YORK - Despite a date 
and location change caused by 
the Sept. 11 terrorist attacks on 
the World Trade Center and 
Pentagon, the first-ever XM L on 
Wall Street attracted more than 
1,000 registrants last month. 
Originally slated to take place 
at the Marriott at the World 
Trade Center, the show instead 
premiered at the Metropolitan 
Pavilion, where XML and its 
effects on financial markets were 
showcased. While most vendors 
displayed products inclined to 
financial markets, some were of 
a broader base. 

XAware Inc. (www.xaware 
.com), maker of a virtual XM L 
database, will announce next 
month the addition of Java 
connectors and adapters to its 
XA-Suite, and expects to have 
two-phase commit capability 
completed sometime in the 
first quarter of 2002, according 
to Jojy M athew, vice president 
of strategic development and 
product strategy. XA-Connec- 



tors, which use EJB, CORBA, 
Java servlets, SOAP and other 
protocols to communicate with 
the suite's XA-iServer; and XA- 
Adapters, which enable the 
server to communicate with 
mainframes, CRM systemsand 
databases, are at the core of 
the January announcement, 
M athew said. The suite sells 
for $25,000 for a two-CPU 
installation with unlimited 
client access. 

New Jersey- based Provenir 
(www.provenir.com), a subsid- 
iary of Response Data Corp., 
said at the conference that it 
will release version 5.0 of its 
XML-based workflow manager 
and decision engine platform in 
late spring 2002. According to 
Michael Barrow, head of busi- 
ness development, the new ver- 
sion will include an end-user, 
self-service interface that will 
allow developers to drag and 
drop data from one source to 
another through Provenir's 
Enterprise Manager. 

Attachmate Corp. (WWW 
.attachmate.com), long a player in 



the mainframe access space, is 
planning to release early next year 
its first end-to-end enterprise 
application integration solution, 
according to business develop- 
ment spokesman Del Alvarado. 
He said Attachmate has devel- 
oped technology to provide the 
same mainframe access via a 
browser, handheld computer or 
mobile phone, with support for 
JavaBeans and XML. Attach- 
mate Smart Connectors and 
Task I ntegrator are at the core of 
the new EAI architecture, pro- 
viding the ability to convert 
mainframe data into XM L docu- 
ments or JavaBeans for deploy- 
ment into new, n-tier appli- 
cations, Alvarado explained. 
Smart Connectors work with 
3270 andCICS, as well asJDBC 
to provide a Java connection to 
any ODBC-compliant database. 
Task Integrator adds the busi- 
ness logic layer to the transac- 
tions defined by Smart Connec- 
tors, extracting information from 
most data sources and then mod- 
ifying as required to be delivered 
to other sources, he explained. I 



WebSphere 



software 




W THE PARALLEL UNIVERSE, DEVELOPERS' TASKS WERE COMPLEX. HERE, THE CODERMAUTS FOUND A SIMPLER WAY. 

WEBSPHERE for OPEN TOOLS 

| SUPPORTING A TRUE OPEN ENVIRONMENT, BACKED BY INDUSTRY LEADERS. | 



(@ I 4pm rn -^ * A i^ii r^ ^rx iree code, ui&ii fcmvconii'rteb&pnere/idmioois 



IT'S A DIFFERENT HIND D.f WORLD. 

tDM NEEO i DIFFERENT K I MD *F 5-0FTWAHE. 



6 



NEWS 



Software Development Times . December 15, 2001 



www.sdtimes.com 




sBrie 



, COMPANIES , 




IBM Corp. has announced that it will support Object Management 

Group Inc.'s Model Driven Architecture, a vendor-neutral, platform- 
independent infrastructure, and said that MDA will be incorporated 
into its WebSphere tool suite . . . MKS Inc. has integrated its Source 
Integrity Enterprise Edition 8.2 source-configuration management 
software with Borland Software Corp.'s J Builder 6 Java development 
environment . . . Following OASIS' preliminary release of its Security 
Assertion Markup Language, Netegrity Inc. has released a free refer- 
ence implementation of the draft spec. The JSAML toolkit lets devel- 
opers build applications that can interoperate with a SAML-compliant 
enterprise security framework. The toolkit includes wrappers for 
SAML interaction with Java and XML security specifications 
. . . I-Logix Inc. has integrated its Rhapsody in Micro-C development 
environment with Cosmic Software Inc.'s ZAP C debugger. The inte- 
gration, which is designed to work with 8-bit and 16-bit Motorola 
microcontrollers, is available from Cosmic. 



PRODUCTS 



Information Laboratory Inc.'s new Small Worlds application visualiza- 
tion software, released in November, is available for C++ and Java. The 
software provides users with a visual representation of in-house appli- 
cations, and performs a structural analysis that points out potentially 
problematic areas, such as global and local dependencies, and the 
relationship between components. The company is developing ver- 
sions of Small Worlds for databases, C, Ctt and Visual Basic . . . Quest 
Software Inc. is expected to announce an update to its SQL Navigator 
Oracle development tool with support for 0racle9i and Java, as well as 
added support for industry-standard version control systems 
. . . SuSE Inc. has released a version of its SuSE Linux 7.3 operating 
system for IBM's S/390 and Z-series mainframes. The software's price 
starts at $4,500 per server . . . Fujitsu Software Corp. has finally made 
its Interstage Application Server 4.0 generally available, four 
months after it was scheduled to be released. The server was recent- 
ly J2EE 1.2 certified . . . CrossWorlds Software Inc. has a new J2EE 
Resource Adapter, which lets J2EE-compliant applications interact 
with multiple external applications and data sources. The Resource 
Adapter, which is based on the J2EE Connector Architecture 1.0 spec, 
also can work with SOAP, UDDI and WSDL, according to the company 
. . . Borland Software Corp. is supporting Sun's embedded Java strat- 
egy with its JBuilder MobileSet for Sun's J2ME Wireless Toolkit. The 
MobileSet is a J2ME emulator for mobile devices that works as an add- 
in to the JBuilder Java IDE, and is available for no-charge download 
from Borland's Web site. 



PEOPLE 



Mike DeVries has joined Java architecture company Wakesoft Inc. as 
CEO. DeVries, most recently senior vice president of product opera- 
tions at Versata, will be responsible for defining the company's busi- 
ness strategy of delivering J2EE and Web services architecture solu- 
tions . . . QNX Software Systems Ltd. has named former Microsoft 
executive Alec Saunders as vice president of marketing. 



, STANDARDS , 



The UDDI community's beta of the UDDI Business Registry version 

2 is now available, with the UDDI registries offered by HP, IBM, 
Microsoft and SAP now conforming to that draft specification. UDDI 
v2 provides tools for allowing companies to deploy private registries 
to manage internal Web services using the UDDI specification. There 
also is improved programmatic access to UDDI data, stronger busi- 
ness relationship modeling, and enhanced availability of UDDI infor- 
mation to end users via a Web browser. The UDDI community plans to 
release a public draft of the UDDI v3 technical specification in 2002 
. . . The W3C's Voice Browser Working Group has released the first 
public Working Draft of its Semantic Interpretation for Speech 
Recognition. This draft spec describes syntax and semantics for tags 
in speech-recognition grammars. I 



Instantiations Bundles Code 
Refactoring, IDE Enhancements 



BY CHRISTINA M. PURPI 

Instantiations Inc. has bundled 
two of its existing products and 
added new features to launch 
CodePro Studio, a suite of 
enhancements for Borland's 
J Builder and IBM's WebSphere 
Studio Application Developer. 

CodePro Studio includes 
jF actor, Instantiations' code 
refactoring application, along 
with Assist, its set of packaged 
integrated development envi- 
ronment enhancements. "Our 
customers liked Assist and 
jF actor as separate products, 



but they were telling us it 
made more sense to integrate 
the set of tools," said Mark 
Johnson, vice president of mar- 
keting and business develop- 
ment at Instantiations (www 
.instantiations.com). 

The WebSphere edition 
includes a new set of tools for 
helping users make the transi- 
tion between IBM's older 
VisualAge for J ava and the new- 
er WebSphere Studio Applica- 
tion Developer. "There are 15 
separate automated tools that 
make the transition simple," 




CodePro Studio combines the technologies of both jFactor and Assist. 



said Johnson. Those tools 
include a task scheduler and 
transitioning tools for import 
and export from VisualAge 
for Java to WebSphere Studio 
Application Developer, as well 
as a set of predefined tasks and 
macro/keyword expansion. 

"The Assist technology goes 
back to the SmallTalk program- 
ming days," said Johnson. "We 
researched what the limitations 
and weaknesses of IDEs were 
and developed a product that 
complements IDEs or supple- 
ments the base I D E from the 
platform provider." Assist in- 
cludes 300 separate productivi- 
ty features that install into the 
base IDE, thereby creating a 
more developer-friendly envi- 
ronment, claimed Johnson. 

According to Johnson, the 
jF actor tools are a set of soft- 
ware development methodolo- 
gies that allow programmers to 
improve the design of their 
existing code within the devel- 
opment environment. 

Both the WebSphere and 
JBuilder editions are available 
now and are priced at $1,295 
and $449, respectively, per 
developer seat. I 



PERSISTENCE EXTENDS DATA CACHING 



BY CHRISTINA M. PURPI 

Persistence, a company in the 
object-to-relational database 
mapping and data caching mar- 
kets, has released to beta 
E dgeXtend, which allows devel- 
opers to create a data architec- 
ture for managing critical busi- 
ness data across a widely 
dispersed network, according to 
Ed Murrer, senior vice presi- 
dent of marketing at Persistence 
(www.persistence.com). 

E dgeXtend, which is set to be 
released in the first quarter of 
2002, seeks to improve distrib- 
uted application performance by 
allowing applications to use Per- 
sistence's distributed dynamic 
caching technology, said M urrer. 

"Users are provided with the 
ability to do distributed dynamic 
caching because data is dis- 
persed in caches around net- 
works, which are updated in real 
time and then synchronized so it 
looks like a data center is right 
there," he said. "The problem 
presents itself when you want to 



run an application outside the 
data center. U nless data is easily 
accessible, the response time is 
pretty bad." 

M urrer cited, for example, 
that small businesses trying to 
run logistics with Federal Ex- 
press attempt to figure out 
changes and routings. With 
E dgeXtend, fresh data is kept 
in a local cache, and from there 
is accessible to users or appli- 
cations in the system. 



"By the end of next year, we 
expect half of our revenue to 
come from E dgeXtend," Mur- 
rer claimed. E dgeXtend is 
scheduled to be available by the 
first quarter of next year and 
cost $9,995 per processor and 
$14,995 for multicache support, 
which Murrer described as 
coordinated and synchronized 
data between several caches in a 
distributed environment, as 
opposed to a single cache. I 



Talarian Makes JMS Coding EZ 



Talarian Corp. (www.talarian 
.com) has released EZ-JMS, an 
extension to Sun's F orte for J ava 
development environment that 
it claims will make it easier to 
design, build and debug Java- 
based programs using the Java 
M essage Service extensions. 

EZ-JMS will let developers 
create J M S-compliant apps with 
a J M S code creation wizard that 
can publish and subscribe new 



code in addition to a point-to- 
point field that can be used in 
editing and debugging programs. 
"It's scalable for one or 
20,000 messages," claimed Colm 
Daniel, director of business 
development at Talarian. EZ- 
JMS is priced at $99.99 
and is available for download 
at www.sun.com/software/shop 
/indexhtml. 

-Christina M. Purpi 
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NAME GAME 

< continued from page 1 

merit, predictive analysis, and 
e-business transformation and 
integration. CA gave the enter- 
prise management solutions 
group the Unicenter name; 
storage products would be 
called BrightStor, and the secu- 



rity solutions would be branded 
eTrust. At the time, the overall 
brand for information manage- 
ment was Jasmine. 

Customers and industry 
watchers, though, remained con- 
fused about what the Jasmine 
brand encompassed. According 
to Carl Hartman, vice president 
for corporate marketing, CA 



decided to break the group into 
three brands. E-business trans- 
formation and integration was 
split into AIIF usion for applica- 
tion life-cycle management, and 
Advantage for data management 
and application development. 
Portal and knowledge manage- 
ment and predictive analysis 
were combined into CleverPath. 



"We are focused on defining 
and articulating a strategy to 
the market at large," Hartman 
said. "We see information man- 
agement as a growth market for 
us, and the portal and business 
intelligence is our strength." 

The CleverPath brand is 
anchored by CA's portal server, 
now called the CleverPath Por- 
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SI t 1 



CA is defining its 
strategy through 
rebranding, says 
Hartman. 



tal 3.5, which includes report- 
ing, analysis and operational 
intelligence tools. N ew features 
include better support for 
wireless devices, integration 
with BEA's WebLogic and 
IBM's WebSphere application 
servers (it ships with Tomcat), 
and improved performance and 
scalability of the portal itself, 
according to Hartman. 

A new product introduced 
with the portal upgrade is 
CleverPath Enterprise Content 
M anager 3.5— to keep the ver- 
sions in sync— 
an add-on com- 
ponent to the 
portal that pro- 
vides manage- 
ment of digital 
content such as 
pictures, video, 
audio and ani- 
mation, Hart- 
man said. "This 
is not just a way 
to disseminate data, but to col- 
lect and manage it and allow 
for collaborative work on it," 
he explained. 

Other upgraded CleverPath 
products in the reporting and 
analysis space, Hartman said, 
include Reporter 4.0, with 
deeper integration with the 
Portal; Forest&Trees 6.5, a 
solution for building and de- 
ploying executive information 
systems that has been Portal- 
enabled and now has double- 
byte language support; and 
OLAP 5.0, with better integra- 
tion and publishing into the 
Portal and an overhauled set of 
administrative tools to better 
define queries and manage the 
results of those queries. 

In the operational intel- 
ligence area, CA introduced 
CleverPath Aion Business Rules 
E xpert 9.1, with easier on-the-fly 
tailoring of rules as business con- 
ditions change, and enhanced 
Java and COM+ support; and 
Predictive Analysis Server 2.0, 
which represents the packaging 
of CA's Neugents intelligence 
software into an application. 

The Cool line of develop- 
ment products will fall into the 
Advantage product line, Hart- 
man said, while the E rwin mod- 
eling tools and the Process 
Continuum process and project 
management tools now come 
under the AIIF usion name. 

As for J asmine, the name is 
not going to completely vanish, 
Hartman said. It will revert to 
its heritage as CA's object-ori- 
ented application development 
solution as part of the Advan- 
tage product area. I 
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and it's fracturing. Sun made an 
early mistake when it licensed 
the source code and enhance- 
ments of JVMs but failed to 
control the implementation. 
They made a homogeneous 
platform go away." 

The difference between Curl 
code and HTML, Batty said, is 
that where Java or Flash are 
compiled at some intermediate 
stage, Curl content is compiled 
at a client-side plug-in, creating 
an implementation of the notion 
of an executable I nternet. 

Curl is targeting IT shops, 
looking to achieve high perfor- 
mance in Web-deployed applica- 
tions, as well as the few surviving 
dot-coms, which must enhance 
advertising revenue with sub- 
scriptions and need a higher lev- 
el of production quality in their 
content to have an end user pay 
money for it, Batty said. 

An early user of the Curl 
technology is adisoft AG , a G er- 
man company developing bank- 
ing applications. "Curl allows us 
to combine the sex appeal of 

Expresso Struts 
With Java 

BY ALAN ZEICHICK 

Expresso, the open-source Java 
Web application framework 
offered byjcorporate Ltd., is 
newly updated to incorporate 
Apache's open-source Jakarta 
Struts framework. 

According to the company, 
Expresso 4.0 provides compo- 
nents for building database- 
based Web applications, includ- 
ing object-relational mapping, 
job scheduling, table manipula- 
tion and caching. Struts provides 
presentation-oriented features, 
such as an XML tag library, 
which J corporate claims makes 
it easier to build applications, 
and also includes features such 
as URL mapping and improved 
error handling. In addition, the 
4.0 version has replaced Java 
servlets with objects to improve 
security and increase reliability. 

The integration of Struts 1.0 
into Expresso 4.0 simplifies not 
only development, but also 
administration, says J corporate, 
with a single point of configura- 
tion for the two frameworks. 

Expresso 4.0 can be down- 
loaded at no charge from www 
.jcorporate.com/product/expresso 
.html. The company sells annu- 
al support for $2,999 for two 
developer contacts. I 



multimedia user interfaces with 
the speed of traditional char- 
acter-based applications," said 
adisoft CEO Karl Schlagen- 
hauf. "Curl not only makes our 
programs run much faster, but 
it's also a bandwidth multiplier." 
Curl claims to have 15 enter- 
prise-class customers, but could 
not yet provide any names due 



to licensing and nondisclosure 
restrictions, according to a 
spokeswoman for Curl. 

Although SurgeLab has been 
developed to ease the creation of 
Curl code, Curl "is not a tools 
company," Batty said. In fact, 
Curl code, which is delivered as 
ASCI I source files, can be creat- 
ed in any text editor or browser. 



"We hope to encourage other 
tools makers to create develop- 
ment tools." 

Curl is hoping to make the 
runtime and IDE ubiquitous 
by offering them for free at 
www.curl.com. Curl charges five- 
hundredths of a cent for a kilo- 
byte of executed content, and 
expects to hit the break-even 



point for cash flow some time 
next year, Batty said. Curl runs on 
all Win32 environments, and a 
prerelease of a L inux version was 
due out at the end of N ovember, 
Batty said. The company also is 
working on a M ac OS X version 
as well as implementations for 
handheld computers and mobile 
phones, he said. I 
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HP Begins Phaseout of e3000 Servers 

Decades-old proprietary minicomputer has too few customers, partners 



BY ALAN ZEICHICK 

It's the end of an era: H ewlett- 
Packard Co. is discontinuing 
the HP e3000, its last remain- 
ing proprietary minicomputer. 
Sales of the e3000— long popu- 
lar due to its reliability, and 
with fans among many F ortune 
500 corporations— will 
be phased out over the 
next two years, and H P 
will stop providing sup- 
port for the platform in 
five years. The compa- 
ny is urging its cus- 
tomers to begin plan- 
ning for a migration as 
soon as possible, offer- 
ing its x86-based Net- 
Servers and HP-UX- 
based H P 9000 servers 
as alternatives. 

At the announce- 
ment, H P claimed that 
although the H P e3000 
products remain pop- 
ular with customers, 
there aren't sufficient 
sales to justify invest- 



ments in the platform. I n addi- 
tion, the company cited erosion 
in the number of third-party 
providers building hardware, 
software and tools for the e3000 
(www.hp.com/go/e3000). 

According to the company, 
customers can still purchase A- 






HP plans to gradually phase out sales of the HP 
e3000 hardware, with support ending in 2006. 



class and N -class servers, system 
upgrades and add-in boards 
through Oct. 31, 2003, with sup- 
port services offered until Dec. 
31, 2006. The company plans to 
provide customers with a con- 
version kit that can turn certain 
e3000 servers into HP 9000 
■1 servers, beginning in Feb- 
| ruary 2002. Both servers 
run the company's home- 
grown 64-bit micropro- 
H cessor, the PA-RISC. 

However, that won't 
hel p on the software front. 
The HP 3000 servers 
(which the company re- 
named e3000 several 
years ago to emphasize its 
^ e-commerce capabilities) 
runs M PE/iX, a 30-year- 
old proprietary operating 
system, while the H P 
9000 series runs HP-UX, 
the company's version of 
Unix. H P plans to offer 
migration tools and con- 
sulting services to port 
M PE/iX applications to 



of date, and for databases that 
require DBMSes only on the 
HP e3000. With custom-writ- 
ten applications, vendors such 
as Acucorp Inc. and Legacy) 
Corp. offer tools to migrate 
software written in the HP 
e3000's dialect of COBOL to 
other platforms. Even so, the 
migration costs may exceed the 
time required to reconstruct 
the application from scratch. 
I t's clearly not a good time to be 
an H P e3000 owner. I 



HP-UX, Linux or Windows. HP 
also has stated that it won't be 
porting M PE/iX to the 64-bit 
Itanium processor, claiming that 
there's an insufficient customer 
base to justify the costs. 

The HP e3000 isn't going 
away overnight, however. HP 
has committed to at least one 
more revision to the current A- 
class and N -class servers in 
2002 using the PA-8700 micro- 
processor, which should boost 
performance by 30 percent, 
the company claims. 
There also will be an 
upgrade to the oper- 
ating system: M PE/iX 
7.5 will be available in 
the second half of 
2002, with new fea- 
tures primarily aimed 
at supporting Fibre 
Channel networks. 

In the meantime, 
companies face hard 
choices, particularly The HP e3000 uses the same PA-RISC proces- 
for packaged software sor as the Unix-based HP 9000, but runs the 
that may be years out proprietary MPE/iX operating system. 




ORACLE 
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more productive, and b) help 
sell our platforms. I'm just 
pointing out that our tools are 
not proprietary to Oracle; they 
have J ava at the center of them. 
When we originally built our 
tools, there were no standards. 
For example, ODBC came out 
after we built our first develop- 
er suite. In contrast, in the J ava 
world, the standards like J D BC 
are therefor us to build on. 

With that said, the J2EE 
standards are still immature. 
We do have our traditional set 
of tools, for example D eveloper 
and Designer, with an installed 
base that's very large and very 
productive and very happy. And 
they're wondering, "What's up 
with all that J 2EE stuff?" 

We have a dual-pronged 
mission: We're Web-enabling 
our traditional tools for our 
installed base, and at the same 
time we're bringing our tradi- 
tional RAD and modeling 
capabilities to our J2EE cus- 
tomers. Right now, you still 
have to be a rocket scientist to 
build to the straight J2EE 
platform. Of course, over the 
next couple of years, we expect 
that to change dramatically, as 
tools with the RAD 4GL capa- 



bilities of PowerBuilder and 
Visual Basic start coming to 
J2EE. The Java world is still 
rapidly evolving. 

We also think that people 
tend to fixate on J ava and XM L , 
and tend to forget how impor- 
tant SQL is. We really look at 
them as a triumvirate: Java, 
XML and SQL. That's really the 
differentiating feature of our 
tools, because we push all three 
all the way through the stack. 
The more of those special func- 
tions you put into the platform, 
the more 9iAS and JDeveloper 
are tied to the 0racle9i database. 
Well, you don't have to use 
those functions. If you choose 
to, though, you'll get great pro- 
ductivity enhancers. For exam- 
ple, we have a Bl add-in for 
JDeveloper, which allows you 
to take advantage of the busi- 
ness-intelligence development 
functions in the server. The Bl 
tools guys are working on stan- 
dardizing them, so over time 
you'll see the standards emerge. 
Are they doing that through a 
standards organization? 
There is a J SR [Java Specifica- 
tion Request] through theJCP 
[Java Community Process] for 
those functions. Getting back 
to J ava, XML and SQL, there 
tend to be communities that 
are very focused on each of 



those technologies and they 
have their own standards 
efforts. It's a challenge to find 
the right blend of these three 
technologies and integrate 
them in an optimal way when 
people get very centric on one 
technology or another. 
With all this talk about Java, do 
you see the traditional old Oracle 
tools being retired anytime soon? 
We built those tools over a 
decade, and there are higher- 
level capabilities in our tools 
than there are in the J ava tools, 
so I don't see them going away. 
Our real issue is how to inte- 
grate them, how to give them 
the ability to call out to J ava. If 
you want to turn a Forms 
application into a Web service, 
you want to write that Web ser- 
vice in J D eveloper and call out 
to it from Forms. 
You mentioned the immaturity of 
Java earlier. What do you think 
still needs to be done? If you 
were designing J2EE 1.4, what 
would be your priorities? 
Right now, Java needs to really 
sharpen up its Web services. If 
I'm building EJBs, I should be 
able to rapidly expose them as 
Web services. I shouldn't have to 
learn new ways to build things. 
What is Oracle working on for 
future enhancements? 
We're adding capabilities in 



areas people don't necessarily 
think about, such as business 
intelligence and application 
integration. People tend to use 
"application development" as a 
moniker for building transac- 
tional applications. Later they 
think about analysis and think, 
"We ought to integrate that 
in." We're working on the 
convergence between transac- 
tional applications develop- 
ment and business intelligence 
applications development and 
application integration. JDe- 
veloper is really key to that, 
with its add-in APIs and com- 
mon IDE. Within our tools 
group, different groups are 
building add-ins into JDevel- 
oper that are very tightly inte- 
grated. One of the major areas 
that we've done at first is add 
business intelligence into the 
IDE. Application integration 
will follow. Looking forward, 
that's an area we're strong in. 
Where do your competitors have 
an edge right now? 
Well, I think M icrosoft has an 
edge in Web service develop- 
ment—and mind share with 
developers. They dominated 
the client/server era, and they 
have built an effective set of 
tools. M icrosoft is very adept 
at the tools space and integrat- 
ing them into their platform; 



they did that effectively in 
the previous era. The winner 
for the I nternet era very much 
is up in the air. We've got a 
great shot at it. I think the 
database developers are criti- 
cal for building these applica- 
tions, because the Internet is 
all about data. 

What will be the most significant 
thing that Oracle will be doing 
over the next couple of years? 
F rom the tools side, my goal is 
to be the leader in J ava tools. 
Even if developers are saying, "I 
need to build apps for WebLogic 
or WebSphere"? 

M y expectation is that there will 
be an Oracle data server some- 
where in the mix There are real- 
ly two camps of developers: 
Some view Oracle's database as 
the center of the world, and store 
everything in the Oracle. And 
there are developers who see the 
middle tier as the center of the 
world, and they view the middle 
tier as the way to aggregate all the 
disparate data sources and ap- 
plications that they've amassed. 
We increasingly play better in 
that world with 9iAS. 

I don't really envision a situ- 
ation where people use J D evel- 
oper where they don't have an 
Oracle database. But frankly, 
there aren't that many compa- 
nies that don't have Oracle. I 
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Flashline Gives Component Manager a Makeover 

Adds support for multiple asset types, UDDI integration and lowers the price 



BY DAVID RUBINSTEIN 

Asset reuse, according to F lash- 
line.com Inc. president Charles 
Stack, has finally moved from 
evangelism to implementation. 
H is pitch has gone from "why" 
to "how" as companies look to 
leverage their assets in a more 
cost-effective way. 
II mi i=z 



To that end, Flashline last 
week released version 3 of its 
Component Manager Enter- 
prise Edition, which sports a 
completely rewritten back end 
that now supports multiple 
asset types as well as Web ser- 
vices. The company also low- 
ered the price and eliminated 




CMEE sits as a layer on top of UDDI for rich description of Web services. 



the per-user monthly subscrip- 
tion fee. 

"We were focused on Java, 
but we received a lot of re- 
quests from people who want 
to be able to work with COM , 
COBOL, patterns and business 
processes," Stack said. "So 
many legacy applications lend 
themselves to a Web services 
wrapper, which makes manag- 
ing huge and different data- 
bases easier. [E nterprise Appli- 
cation Integration] is the broad 
category of where we're seeing 
the focus of development." 

CMEE 3.0 now provides 
metadata templates, or XM L 
schemas, for managing Java 
and COM components, Stack 
said, as well as frameworks, 
patterns and Web services. 
Developers also can create 
new asset types by customizing 
the existing templates, or 
import an XML schema from 
another source and create an 
asset type from that, he ex- 
plained. "The front end [of 
CMEE] doesn't look different, 



but the level of flexibility is 
enormous," Stack said. The 
metrics built into CM EE help 
companies measure the return 
on investment of their assets, 
he added, so managers can 
assess the economic 
impact of reuse. 

In the Web services 
realm, Stack said, CMEE 
can act as a centralized 
repository for Web ser- 
vices. "UDDI doesn't 
haveWSDL files, imple- 
mentation instructions 
or documentation," he 
said. "We're a layer on 
top of UDDI to provide 
those things." Stack said 
developers can point 
ponent M anager to any U D D I 
registry, whether internal or on 
the Internet, and flag services 
to be published in the Compo- 
nent M anager repository for 
use in future projects. A fea- 
ture in Component Manager 
sends notification to managers 
as to which developers are 
using which Web services as 
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Reuse can yield 
tenfold develop- 
ment gains, says 
Flashline's Stack. 



Com- 



another tool to measure the 
cost impact or benefit of using 
the services. 

"We're seeing tenfold gains 
in software development with 
model architectures and reuse," 
Stack said. "When ClOs 
see lOx, things are get- 
ting shaken up." 

Flashline has supple- 
mented the use of plug- 
ins and adapters for 
integration with third- 
party development tools 
and version-control sys- 
tems in the new release 
with open APIs that 
allow developers to use 
SOAP to move informa- 
tion and assets between Com- 
ponent M anager and the tools. 
Flashline (www.flashline.com), 
which counts Charles Schwab, 
CitiM ortgage and Sprint PCS 
among its customers, reduced 
the per-server price from its 
$60,000 introductory price to 
$34,500, and its per-user price 
from $150 per month to a one- 
time charge of $250. 1 



Versata Looks to Rule in J2EE Environments 

Logic Suite 5.5 improves process automation, team development capability 



BY DAVID RUBINSTEIN 

Setting its sites on large, soph- 
isticated development shops 
looking to leverage the Java 2 
Enterprise Edition environ- 
ment, Versata Corp. last week 
released a revamped version of 
its Logic Suite business logic 
and process rules development 
and deployment platform. 

The highlights of Logic Suite 
5.5, according to Versata's senior 
director of marketing strategy 
Brett Adam, include support for 
IBM 's WebSphere 4.0 and B E A's 
WebLogic 6.1, the addition of 
business logic process automa- 
tion, support for an increased 
range of presentation technolo- 
gies, such as JavaServer Pages 
(JSP), XML and Web services, 
better support for team devel- 
opment and tighter integration 
with source-code management 
systems, and performance and 
productivity enhancements. 

The Versata Logic Server is 
a set of runtime services that 
sit within an application server, 
Adam explained, managing 
database access and connectiv- 
ity, presentation options and 



connectivity to back-end sys- 
tems to apply business logic to 
multistage transactions across 
multiple systems. The server in- 
cludes a transaction logic en- 
gine and a process logic engine, 
while Logic Studio includes 
design tools for the logic and 
presentation layer. 

"Business logic must run on 
the appropriate infrastructure," 
Adam said. "As the [platform] 
layer beneath us changes, our 
customers are relatively insulat- 
ed from those changes. It helps 
customers preserve their in- 
vestment in business logic." 

Versata used the workflow 
process technology acquired 
from Verve Inc. in November 
2000, which had been targeted 
at OE M s, to bring the benefits 
of process automation to main- 
stream enterprises, Adam said. 
These benefits include report- 
ing, metrics, audit trails and vis- 
ibility into a transaction at run- 
time, he explained. 

Versata (www.versata.com) 
has shifted its strategy from 
providing prepackaged adap- 
ters to development tools and 



deployment platforms to offer- 
ing a toolkit in source-code 
form for developers to create 
their own integrations, widen- 
ing their tooling options. 
"We've learned customers in- 
creasingly want more control as 
to how the integration is done 
within an application," Adam 
said. "JSP is a case in point. 
There are many different ap- 
proaches as to the way in which 
JSPs are applied." Toolkits for 
integrations with CICS, Web- 
M ethods and Lotus N otes have 
been updated, and kits for JSP, 
XML, Web services and IBM's 
MQSeries have been added. 
Adam said Logic Suite 5.5 also 
has improved integration with 
PVCS, Rational'sClearCaseand 
Microsoft's SourceSafe. 

Versata is touting its own 
benchmark test that it claims 
reduces development time of 
a Java transaction application 
from one developer year to 
one-and-a-half hours by replac- 
ing hand-coded EJBs with 
business logic rules in the Log- 
ic Server. "One session EJB, 
which is 32 pages of handwrit- 
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ten code, and 69 components 
for infrastructure were reduced 
to four core business objects. 
With the addition of four busi- 
ness rules, we were able to 
specify rules, test and deploy 
within an hour-and-a-half win- 
dow," he claimed. 

The key, Adam said, is that 
Versata has taken best-of- 
breed architectural patterns 
for the creation and deploy- 
ment of J 2EE applications and 



built them into the rules and 
process engines, significantly 
reducing development time. 
"It's an architectural bench- 
mark for how to use J 2E E cor- 
rectly," he said. 

Team development kits for 
Logic Suite 5.5 start at $50,000 
for five developers, while the 
Logic Server alone is priced at 
$40,000 per processor. The 
integration toolkits are free 
with professional services.! 
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Palm Gears Up for Enterprise Battle 



BY EDWARD J. CORREIA 

Now that its acquisition of the BeOS 
software tools and development assets is 
complete, and the dust has cleared from 
its division into hardware and software 
units, Palm I nc. (www.palm.com) is hun- 
kering down for a long and hard battle 
for dominance in the enterprise hand- 
held computer market. 

Former AT&T chief technology offi- 
cer David Nagel, who is now heading 
Palm's Platform Solutions group, talked 
to SD Times about how he plans to 
leverage the Be assets to maintain and 
grow Palm's lead in the enterprise. 

SD Times: What's the first order of busi- 
ness for the Platform Solutions Group? 

David Nagel: The first order of business 
is to put the product development sched- 
ule on a much faster track. That was the 
whole motivation behind acquiring the 
Be assets. The Be guys have been in the 
licensing and platform business longer 
than we have, and had developed more 
sophisticated bill and process tools that 
are suited better for licensees than tools 
we had. The development tools were 
worth at least $11 million, and the 50 
engineers we got are priceless. 
We know Palm is also working on a 32-bit 
operating system using pieces of BeOS. 
What new capabilities can developers 
expect from devices built around it? 
Enormous boost in speeds. We are 
developing the OS with the ARM 7 




Palm's biggest competitors are Compag and 
Microsoft, says Nagel. 

instruction set, which gives us upward 
compatibility with a range of processors 
from 30MHz to [Intel's] XScale in the 
700MHz territory. We'll have a broad 
range of platforms in mid-2002 that 
licensees can choose from depending on 
their specific design goals. 
Against whom will you be competing? 
M y biggest competitor in the enterprise 
is M icrosoft at the platform level, and I 
think that Palm I nc.'s biggest competitor 
at the moment is Compaq. H aving said 
that, the latest statistics show that Palm 
outsells Compaq by 2 to 1. When they 
see the total statistics on the cost of own- 
ership, including the initial price, they 
will increasingly make the decision to 
buy Palm-powered devices. 
That's fine for today's 16-bit models, but 



devices built for a 32-bit Palm OS will be 
more expensive. Can you maintain your 
sales edge? 

The biggest attribute we have by far is the 
customer [base]. That's not the total 
answer, but it's a hell of a start. And if you 
have 1,000 employees and you find out 
500 of them have handhelds and 80 per- 
cent of them have Palm devices, there's 
no cost to train them. And I T guys are not 
getting up in the morning these days and 
saying, 'H ow can I spend more money?' 
And how will Palm keep its developer base? 
You need a great development environ- 
ment, [which is] very important in the 
enterprise story. We will have a compre- 
hensive package of development tools, an 
extensive suite of J ava tools and third-par- 
ty solutions like AppForge [Visual Basic 
extensions], which is a really good cross- 
platform solution. We are also taking spe- 
cial steps to make sure that the Visual 
Studio family of tools will be available, 
but Microsoft is making that difficult. 
Despite their claims of the openness of 
Visual Studio, they are dragging their 
feet. They are not acting in their own best 
interest either strategically or tactically. 
Microsoft recently released a set of exten- 
sions for Visual Studio.NET that it says let 
developers use a single IDE to target any 
machine running any version of Windows, 
including their embedded versions. Will 
this affect your ability to compete in the 
enterprise? 
I think it represents Microsoft's vector 



into controlling services as well as appli- 
cations and operating systems. They have 
no choice because their operating-sys- 
tem strategy is a bit of a mess from a 
developer point of view. Windows CE, 
Stinger and PocketPC all [encompass] 
completely different development mod- 
els, and they have to do something to 
mask those differences, so you end up 
with a least-common-denominator envi- 
ronment. And C# is probably an OK 
approach, but if they opened it up and 
made it a cross-platform development 
environment, it would be a much more 
powerful play for them. By not doing so, 
they open themselves up to an attack by 
someone who can offer an alternative to 
their "M icrosoft or the highway" strategy. 
How does Palm's licensing strategy differ 
from that of Microsoft? 
With as much as Bill [Gates] talks about 
innovation, one of the problems of Win- 
dows is that if he doesn't plan it, it doesn't 
get into the platform. So, increasingly, 
they have an innovation bottleneck 
because you have one single design phi- 
losophy. We have the opportunity with 
our licensees to create innovation... which 
we'll incorporate back into the platform if 
it makes sense. We pick our licensees very 
carefully; we're only interested in 
licensees who add some special value. I 
think that the overall development model 
of the Palm community is a potentially 
stronger one in terms of innovation than 
what we've had from M icrosoft." I 



Sun Lays Out Blueprints for Wireless Development 

Java Smart Ticket reference application provides guidelines, best practices 



BY DAVID RUBINSTEIN 

Sun Microsystems Inc. wants 
to turn enterprise Java devel- 
opers into masters of the 
mobile application by offering 
Java Blueprints for Wireless, 
based on a reference applica- 
tion that defines design guide- 
lines and shows choices to 
make when extending J2EE 
applications on the server to 
J2ME Mobile Information 
Device Profile (Ml DP) appli- 
cations on the client. 

The reference application 
within Blueprints for Wireless, 
called Java Smart Ticket, has 
been available for free at www 
.java.sun.com/blueprints since 
early last month. It offers 
guidelines for such things as 
whether it is better to store and 
manage data on the server or 
the device, and makes re- 
commendations for creating 
reusable code modules, accord- 
ing to Danny Coward, a senior 
staff engineer at Sun. Java 



Smart Ticket is a sample appli- 
cation for booking and reserv- 
ing movie tickets, but can be 
swapped out for inventory con- 
trol or other business-critical 
applications, he said. "This 
application hits the main design 
points developers face when 
developing this kind of applica- 
tion," he said. 

Targeting developers and 
software architects, "the Blue- 
prints act as a repository for 
choices and trade-offs develop- 
ers make when the two plat- 
forms come together," Coward 
said. "Developers need guid- 
ance on such things as how to 
design the message format 
when a handheld needs to 
retrieve data from a server, or 
how to configure an application 
for end-to-end security." 

Coward said Sun engineers 
found that many of the same 
concepts of Java development 
translate from small devices to 
large enterprise servers. "Fit- 



ting the platforms together 
worked really easily," he said. 
"You have to understand, 
M IDP was only released in 
November [2000], and we 
debuted the Blueprints for 
Wireless at JavaOne [in June]. 



I t's all fairly new stuff," 

Java Blueprints for Wireless 
extends Sun's program, which 
began with Blueprints for 
Enterprise and its Java Pet 
Store reference application, 
said Cori Kaylor,J2EE product 



marketing manager for Blue- 
prints. "This is a chance to 
show J ava technology from one 
end to another, and it's avail- 
able today," she said. "Blue- 
prints for E nterprise alone has 
had 200,000 developers down- 
load the code," which is 
released under the Berkeley 
license. Coward hinted that 
more Blueprints programs are 
in development. I 



Z-WORLD MATES PROGRAMMABLE DEVICES WITH INTERNET 



BY EDWARD J. CORREIA 

Embedded systems maker Z- 
World Inc. in late November 
was scheduled to release the 
D eviceM ate D evelopment K it, 
a set of hardware and software 
tools that it claims permits 
developers to network-enable 
any programmable device 
equipped with a serial interface. 
According to the company 
(www.zworld.com), the kit in- 
cludes everything necessary to 
add network monitoring and 
diagnostics to remote devices, 
and enable them to initiate e- 
mail alarms, create and serve 
Web pages, perform logging 







The all-inclusive DeviceMate kit can 
Internet-enable any serial device. 

functions and facilitate other 
types of communications. The 
kit is targeted at manufactur- 
ing equipment, security sys- 
tems, building and factory 
controls, and vending and 



gaming machines, according 
to the company. 

The DeviceMate Develop- 
ment Kit sells for $399 and 
includes Z-World's RCM2200 
compact Ethernet module 
(which serves as the target sys- 
tem's host), a sample target 
device, the company's Dynamic 
C integrated development en- 
vironment, pretested programs 
and all necessary software li- 
braries. Additional DeviceMate 
host modules, needed for each 
network-enabled device, cost 
$34 in quantities of 1,000. The 
company charges no royalties or 
additional licensing fees. I 
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Impulsesoft Adds Bluetooth to 'Radio Neighborhood' 



BY EDWARD J. CORREIA 

With the promise of removing 
wires from a broad array of 
devices, Impulsesoft Private 
Ltd. has released ConnectFree, 
a trio of development hardware 
and software kits for Linux and 
Windows that it claims simpli- 
fies the task of adding Blue- 
tooth capabilities to devices 
ranging from personal and 
handheld computers, to auto- 
motive, industrial and medical 
systems. Bluetooth specifica- 
tions enable developers to cre- 
ate low-power radio-frequency 
connections between devices. 

The Bluetooth Development 
Kit includes an expandable 
ARM -based development board 
with configurable flash, serial 
and Fast Ethernet, plusJTAG 
and serial interface debugging. 
According to the company 
(www.impulsesoft.com), the 
board is RTOS-independent, 
and the kit also includes a virtu- 
al serial port API for rapid 
application prototyping. 

For developers not in need 
of hardware, I mpulsesoft's E im- 
bedded SDK contains a set of 
sample Linux applications and 
an API built around a Linux 
version of the company's Blue- 
tooth stack, which requires a 
110KB footprint and uses no 
more than 9KB R AM , the com- 
pany says. Designed mainly for 
developers building applica- 
tions for LAN access points, 
modems and multimedia, the 
kit's libraries reportedly support 

WEBSPROCKET TO 
EXTEND FORTE IDE 

BY EDWARD J. CORREIA 

Embedded developer Web- 
sprocket LLC is working on a 
set of extensions to Sun's F orte 
for Java IDE that it claims will 
permit Java applications to 
automatically integrate with the 
SunONE architecture. 

According to the company 
(www.websprocket.com), the ex- 
tensions will permit Forte devel- 
opers to create an all-Java- 
device operating environment 
such that enterprise systems will 
view the physical devices as J ava 
language objects. 

Ed Hollinshead, Websprock- 
et's director of business develop- 
ment, said, "We anticipate a large 
number of developers accessing 
our Forte tools extension, there- 
by providing a catalyst for our 
advanced J ava technology." I 



a variety of embedded targets, 
including those from Broad- 
com, CSR, Ericsson, Infineon 
and Texas Instruments. 

Sharing an API with the em- 
bedded kit is the company's 
Windows SDK, which adds 



I mpulsesoft's BluePC Blue- 
tooth stack for Windows to the 
suite. Conforming to Micro- 
soft's Windows Driver Model, 
BluePC works with Bluetooth 
1.1 and multiple transport lay- 
ers. The kit also supports USB, 



UART and PC Card interfaces. 
Also included with the Win- 
dows SDK are BlueExplore and 
BlueConfig applications. Blue- 
Explore extends Windows Ex- 
plorer to include Bluetooth 
devices in the "radio neighbor- 



hood," and displays a list of ser- 
vices provided by each. Blue- 
Config, a utility that can be set 
to execute whenever a new 
Bluetooth device is connected to 
the host machine, is used to set 
properties of connected devices, 
display available services and 
associate those services with 
communications ports. I 
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Closed-source embedded RTOS 
vendors claim fewer eyes are better 
for protecting network devices 





BY EDWARD J. CORREIA 



How secure is your embedded 
device against software threats? 
As seemingly indefatigable an- 
tagonists create a constant threat 
of network system failures, 
developers have begun to realize that 
they may be reaching the limits of ap- 
plication and network security and are 
looking to the operating system itself to 
take on more of the protective responsi- 
bilities, thereby serving as the last line 
of defense once network safeguards 
have been circumvented. 

But according to Bob Monkman, 
director of product marketing for core 
technologies and tools at embedded sys- 
tems developer OSE Systems (www 
.ose.com), many times the operating sys- 
tem isn't up to the task. "Security as a 
whole has not really made its way 
beyond preventing access to the box. 
The network is the way in, so security 
has to be there. But with the vast major- 
ity of operating systems, once you have 
access to the machine, you can go in and 
read/write memory, and really destroy 
the machine." 

Expanding on the point was Bill 
Weinberg, director of strategic market- 
ing at embedded L inux developer M on- 
taVista Software I nc. (www.mvista.com). 
"A malicious piece 
of code could cor- 
rupt other applica- 
tions or the kernel, 
bring down the sys- 
tem or change its 
functionality" and 
could control the 
system's I/O devices. 
Weinberg said 
Once you have that systems most at 

access to the ma- risk are those not 
chine, you can real- built with security in 
ly destroy it, says mind from the out- 
OSE's Monkman. set. "An area that is 





RTOS security 
can't be bolted on; 
it must be built in, 
says Aberdeen's 
Hemmendinger. 



especially vulnerable is where you take 
old-style systems and tack on network- 
ing after the fact. They are unstable 
because the networking is not native to 
them," and therefore network security is 
like a "Band-Aid on top of a Band-Aid." 
Eric Hemmendinger, research di- 
rector at Aberdeen 
Group, supported 
Weinberg's conten- 
tion. "Outside the 
RTOS world, securi- 
ty usually involves in- 
jecting mechanisms 
that make decisions 
about certain be- 
haviors before they 
reach the operating 
system, and the com- 
puter moves slow 
enough to allow that. 
With an RTOS, you 
don't have that op- 
tion unless you build it into the operating 
system. Because of this need to hook in 
at the foundation level, it's useless to 
view security in the RTOS context as 
something you can bolt on afterward." 

Monkman said that more often, 
developers are asking for protections 
such as encrypted memory, service 
denial or limiting access to memory 
based on user profile. "The RTOS is a 
perfect place for addressing security 
because it controls access to memory 
and services," he said. 

According to Monkman, high avail- 
ability and security are spokes on the 
same wheel. "One is more concerned 
with reliable execution and machine 
resources that continue to operate. The 
other is more focused on preventing mali- 
cious use of resources or denial of 
services. This is just emerging and still 
focused on connectivity, but more people 
are looking for the RTOS to provide more 



of an overall security model," he said. 

Hemmendinger added that when 
approaching the problem of denial-of- 
service attacks, developers are focused 
less on identifying the problem "at the 
first possible device" and more on 
"preventing it from moving further 
upstream or downstream." 

RTOS VULNERABILITY 

John Gordon, senior member of techni- 
cal staff at Wind River Systems Inc. 
(www.windriver.com), asserted that the 
most vulnerable of today's embedded 
operating systems are those that originat- 
ed as desktop systems. "Linux and the 
embedded forms of Windows are the 
weakest simply because most of the 
attacks today are targeting the desktop 
variations of these operating systems, and 
any weaknesses found there will probably 
be found in the embedded forms, too." 
Wind River develops and markets Vx- 
Works, a proprietary operating system. 

Gordon said that two central elements 
of security are secrecy and simplicity. 
"The relative obscurity of both propri- 
etary and homegrown systems makes 
them harder to attack, though not 
impossible," he said. "E mbedded systems 
tend to be using unknown architectures 
H and tend to have 
simple menu-driven 
interfaces rather than 
shells," he noted, 
adding that some de- 
ployed VxWorks sys- 
tems in their purest 
form offer no services 
at all, but that "once 
network services 
[such as] a telnet dae- 
mon, Web server or 
SN M P agent are 
added, security issues 
are exposed." 



Today's most vulner- 
able RTOSes origi- 
nated from desktop 
systems, says Wind 
River's Gordon. 
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OSE 's M onkman held a similar view. 
"Now more than ever, people are 
becoming cognizant of who is trying to 
get to [their] machines and do things," 
he said. Monkman explained that such 
activities have been more evident in the 
enterprise than in deeply embedded 
devices "because people are convinced 
that you really can't get to these highly 
specialized devices" and wouldn't know 
what to do anyway. "It's not like a PC 
with known hardware and software. You 
can't go in and write a program to run on 
an oil drill [for example]." 

But MontaVista's Weinberg warned 
that any supposition of obscurity can be 
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dangerous. "I n the proprietary software 
community, there's a tendency to rely on 
secrecy and not on security That is your 
'what the public doesn't know they can't 
hack into' [mentality]. It's a common mis- 
conception that closed source and secre- 
cy breed security. I will grant that [pro- 
prietary] RTOS codebases are so obscure 
that hackers are relatively inexperienced 
with them. But you can only stay invisible 
for so long. If you live in obscurity you 
get a false sense of security." 

DOES OPEN EQUAL SAFE? 

M ontaVista develops and markets open- 
source software for embedded systems, 



including its Linux-based operating sys- 
tem. "Once you stop taking obscurity for 
granted, you become security-minded," 
asserted Weinberg. He pointed to the 
innumerable open-source developers 
who take pride in their ability to fix secu- 
rity holes quickly. "It's prestigious to 
repair exploits. If you look at it as game 
theory, any hawk that is going to exploit 
the open-source doves is going to be met 
by another hawk who is really an open- 
source dove whose vested interest isn't 
in exploiting but in gaining prestige by 
repairing the exploit. There are more 
people on that side of the fence than on 
the exploiter side." 




Relying on obscuri- 
ty can lead to a 
false sense of secu- 
rity, says Monta- 
Vista's Weinberg. 



Conversely, Weinberg alleges that 
proprietary operating-system develop- 
ers prefer to keep their problems 
private. "The closed-source community 
has a vested interest in hiding all 
knowledge of both implementation and 
history of exploits to the point where 
their base position is denial." He cites a 
well-known case in which Linux devel- 
oper Alan Cox found a security bug in 
Solaris, which over the course of a year 
he tried to bring to Sun's attention. 
"He got fed up and went out to the 
community and started screaming 
about it, and it still 
wasn't fixed." Wein- 
berg claimed that in 
such situations in- 
volving the open- 
source community, "a 
patch would be avail- 
able in hours and 
people would be 
using it within a day." 

Weinberg also 
claimed that the 
closed-source devel- 
opment process suf- 
fers from inadequate 
peer review. "Code 
review in this environment is usually 
compared with proctology, because nei- 
ther side of the table enjoys the process. 
The communities that are developing 
proprietary software are too small to 
guarantee that they really are secure 
because there are not enough eyes look- 
ing at them. Open-source RTOSes 
benefit from broad exposure, quick 
exposure and repair of exploits, and a 
fondness and respect for standard prac- 
tices so that when security is there, it is 
used correctly." And while he admitted 
that the process does not guarantee that 
such exploits will be fixed, "the need to 
protect commercial interests through 
secrecy is practically a guarantee that 
exploits will occur and won't be fixed." 

Paul Zorfass, senior analyst with 
research firm International Data Corp., 
said that the practice of concealing the 
negative aspects of products is common- 
place, even among the open-source com- 
munity. "They are both guilty of it, so 
what? The open-source people don't 
identify every blemish that their operat- 
ing systems have, and will clearly identify 
work-arounds and other creative solu- 
tions or ways of solving problems [when] 
the operating system is unstable in cer- 
tain conditions. They have a greater cru- 
sade mentality and would like to 
dethrone those with larger market share." 

TO PROTECT AND SERVE 

Despite their differences, most agree 
that system security has more to do with 
the way the RTOS handles memory and 
objects than whether its origins were 
from open- or closed-source code. 

"Once you do get past the secrecy 
and networking security measures, the 
flat memory utilization becomes a huge 
disadvantage because there's nothing 



to keep [hackers] from going further," 
said MontaVista's Weinberg, referring 
to the flat memory model used in most 
of today's embedded systems. One 
exception is Linux, which employs vir- 
tual memory and addressing to protect 
application code. 

According to Daya Nadamuni, 
senior analyst for design and engineer- 
ing software at Gartner Inc., Wind 
River also protects applications with 
VxWorks AE , its high-availability RTOS 
that implements a method called pro- 
tection domains. "Each domain is 
protected, and you cannot overwrite 
the memory or an existing task. It gives 
you more protection from RTOS fail- 
ure." However, Nadamuni said that 
application data, which resides in 
shared memory, remains unprotected, a 
fact that she said is "true of most oper- 
ating systems." 

Donn Rochette, vice president of 
engineering at embedded systems de- 
veloper OnCore Systems Corp. (www 
.oncoresystems.com), said that while 
the concept of protection domains pro- 
vides a modicum of security, it also 
introduces a few problems. "Now that 
you've erected these walls, you'll end 
up copying data between what you've 
just protected, because all threads 
assume that memory can be shared be- 
tween threads." He said this exacts a 
performance toll that is difficult to pre- 
dict. To help maintain determinism, 
"Wind River uses a shared common 
area [of memory], and any [application] 
can read and write all that data," essen- 
tially removing all protections from the 
data, he said. 

According to Rochette, the OnCore 
OS solves these problems with a virtual 
memory model that does not permit 
applications to map directly to memory. 
I nstead apps are given a virtual memory 
map equivalent to the total memory avail- 
able in the system, and the RTOS maps 
Othe virtual addresses 
to physical ones. 
Applications register 
themselves with the 
operating system and 
can be available only 
to certain other ap- 
plications or services. 
J "The military loves 
I this. You can have 
Both open- and encrypted and non- 
closed-source ven- encrypted sides, each 
dors conceal flaws, with no knowledge 
says IDC's Zorfass. of the other," he said. 
All physical memory 
is managed only by the operating sys- 
tem; applications are never permitted 
to touch it directly. "I can put whatev- 
er memory I want behind a virtual 
address. I can have [variables] A and B 
both going to the same page of memo- 
ry because I can pick both virtual 
addresses and point them to the same 
physical address," effectively exchang- 
ing data between applications without 

► continued on page 20 
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SECURITY? 

< continued from page 19 

copying, he explained. 

Wind River's Gordon said 
that while systems with pro- 
tected memory can help mini- 
mize the impact of malicious 
code, they cannot totally pre- 
vent it. "A good hacker will be 



able to find a way to cause 
some harm from such an 
exploit," he said, adding that 
the best security plans use a 
combination of elements. "E in- 
suring the security of an em- 
bedded system is really a joint 
effort [among] the RTOS de- 
veloper, middleware providers 
and the application developer. 



From the RTOS perspective, 
this will likely mean more vali- 
dation of system calls, and 
increased use of desktop-like 
kernel/application separation." 
Such combinations of se- 
curity measures are particularly 
valuable, Gordon continued, in 
systems that might require 
field upgrades. "Any commun- 



ication with the outside world 
is a vulnerability," he said, ad- 
ding that the most risky are 
those that allow software to be 
uploaded to the CPU. 

Gordon suggested several 
limitations. "Only accept up- 
loads from a specific physical 
connection or perhaps only 
from internal networks, and 
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use a call-back scheme" to 
facilitate the device pulling 
software to it, rather than 
pushing uploads to the device. 
H e also suggested the use of 
hash tables for validation of 
trusted binaries before loading 
and execution, encryption of 
uploads and use of administra- 
tive accounts. 

M ost agree that use of such 
methods could further safe- 
guard embedded systems, but 
that the RTOS itself has to be 
its own bastion for protecting 
the system. "I think to a large 
degree it depends on the 
technology," said OnCore's 
Rochette. "If security is de- 
fined as [an RTOS] that does 
not permit a rogue application 
to crash the box, then surely 
Linux is much more secure 
than VxWorks. Security has 
more to do with the technolo- 
gy that the operating system is 
based on than [whether] it 
came from commercial, open 
or homegrown source code." 

But Weinberg held fast to 
his open-source viewpoint. 
"What the industry suffers 
from is a misunderstanding of 
openness and security. The 
misconception is that if it's 
open, it's not secure. Very 
good locks are understood, but 
that doesn't make them less 
secure." I 
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EDITORIAL 

Brand Awareness 

In their rush to create new software megab rands, indus- 
try giants like Computer Associates, H ew I ett- Packard, 
IBM and Oracle may win the battle but lose the war. As 
these companies integrate and brand their software tools 
and platforms using overarching labels like CleverPath, 
N etaction, WebSphere or Oracle9i, the increased empha- 
sis on megabrands and on one-stop shopping will confuse 
and alienate customers. 

Worse, the new trend toward megabrands in the J 2E E 
market may undermine one of Java's core value proposi- 
tions—the ability to mix and match best-of-breed solu- 
tions while maintaining an underlying technology founda- 
tion based on common specifications. 

Software companies used to distinguish between their 
application development tools and their application 
deployment platform, and that differentiation was good. 
Consider the old IBM universe. Developers wrote soft- 
ware using VisualAge, and might deploy it on any number 
of platforms, such asjava, Linux, Unixor Windows. IBM 's 
J ava runtime environment was WebSphere, but there was 
no particular coupling between VisualAge and Web- 
Sphere: You could use VisualAge to develop for other app 
servers, like BE A's WebLogic, or use other tools, like Bor- 
land's J Builder, to develop for I BM 's WebSphere. 

Today, the WebSphere brand encompasses not only 
the J2E E application server, but also the tools formerly 
known as VisualAge. What's the message? That IBM is 
selling a closed system. I f you want to use the WebSphere 
tools, you should be developing for the WebSphere app 
server. If you want to use the WebSphere app server, you 
should use the WebSphere tools. If you don't like one or 
the other, too bad— it's a package deal. 

Oracle also encourages tight coupling. The Oracle9i 
database, Oracle9i app server and Oracle9i J Developer 
are specifically designed and marketed as components of 
a single solution. Vertical integration within the brand is 
primary; interoperability with other J 2E E -based products 
is secondary. Oracle has worked hard to make J Develop- 
er an outstanding I DE.. .for developing for Oracle9iAS. 

The latest megabrand player is Computer Associates 
(see "Jasmine Out as CA Ends Name Game," page 1), 
which fortunately backed off an ill-advised plan to label 
many of its software tools asj asmine. (As it plays catch-up 
to I BM , we wouldn't be surprised to see Sun rebrand its 
F orte for J ava tools as "i Planet D eveloper Studio.") 

Is this bad? Yes. We would argue that the merger of 
tools and platforms into a tightly integrated brand is ulti- 
mately damaging for those companies trumpeting that 
their offerings are built on "open standards." 

The idea that one could use multiple tools to build for 
multiple deployment platforms is at the heart of J 2E E . 
Granted, nontrivial applications were never "write once, 
run anywhere" between the J 2E E app servers, but at least 
there was the pretense that developers could choose tools 
without worrying where the apps would be deployed. 

With the integration of the Java development tools 
with each vendor's app server, that pretense is wearing 
thin. The J ava community may soon be facing its toughest 
challenge yet: notM icrosoffs.NET, but the balkanization 
of the community into megabranded solutions that favor 
vertical integration over the founding principles of the 
J2EE community. I 
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10 PREDICTIONS FOR P-TO-P CONTENT DELIVERY 



Peer-to-peer delivery of Web 
content isn't exactly main- 
stream yet. In fact, the idea of 
relaying content from peer PC 
to peer PC — an architecture 
reminiscent of N apster hijacked 
to serve a new purpose— is just 
beginning to find an audience. 

The latest research from 
PeerToPeerCentral.com shows 
that P-to-P content delivery is 
an important technology for 
enterprises. Very shortly, expect 
to see companies like AllCast, 
ChainCast and vTrails give con- 
tent delivery giants like Akamai 
a run for their money, at least in 
certain niches. 

These peer-to-peer vendors' 
definition of a "network" may 
be virtual rather than real, but 
as we all know, virtual networks 
are just as important as "real" 
physical networks in today's 
Internet-based world. And we 
think their virtual networks can 
deliver the content goods. 

Our report on the rapidly 
maturing P-to-P content deliv- 
ery market returned the follow- 
ing 10 predictions: 

1. Even if P-to-P content 
delivery companies don't de- 
liver on all of their claims, 
their benefits will shift the 

marketplace. Some industry 



observers contend that even if 
P-to-P players offer large cost 
savings, it won't matter because 
they can't offer quality-of- 
service guarantees. They're 
wrong. These new P-to-P net- 
work topologies do offer QoS 
guarantees, monitor bandwidth 
very closely and track end-user 
behavior to a degree not 
possible in some tradi- 
tional networking envi- 
ronments. 

We believe the P-to-P 
streaming players' quali- 
ty and cost-savings claims 
have merit. More impor- 
tant, their message is get- 
ting through to buyers in 
the marketplace. Webcasting 
customers, ISPs and telcos/ 
backbone providers are likely to 
see P-to-P streaming as viable 
technology options— or at least 
worth testing. 

As a result, non-P-to-P in- 
frastructure players such as 
Akamai will find themselves 
under unprecedented down- 
ward fee pressure, which will 
change the way they price and 
bundle their services. 

2. The consumer P-to-P 
streaming market is hot, but 
enterprise delivery is a big- 
ger opportunity. There are 
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millions of M adonna fans eager 
to hear her next single, but 
comparatively few enterprise 
users eager to review their 
company's H R orientation 
video. At first (late 1990s) many 
of the early P-to-P companies 
went after the mass market. 
Even so, enterprises have a 
well-defined need for 
affordable, well-man- 
aged communication— 
and are willing to pay for 
it. And P-to-P stream- 
ing, which must be 
managed minutely to 
offer any sort of quality, 
seems to fit the bill. 
Enterprise needs, ulti- 
mately, are the most stable 
source of dollars, which is why 
virtually all P-to-P content deliv- 
ery networks (CDNs) are now 
reaching for enterprise business. 
3. Network service pro- 
viders and telcos are the ulti- 
mate P-to-P streaming chan- 
nel. Since they're only toddlers, 
peer-to-peer content delivery 
companies are still making their 
pitches in the marketplace 
largely on their own. But a few 
have already begun to seek part- 
nerships with I SPs and telcos to 
bring networking muscle to 
their proposals. You could see 
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WHERE WILL ALL THESE WEB SERVICES COME FROM? 



One of the supposed benefits 
of Web services being 
bandied about is the opportuni- 
ty for companies to use these 
services to reduce application 
development costs and at the 
same time deliver better soft- 
ware, faster. If you look closer, 
though, this better-software-for- 
less carrot that major 
players in the Web ser- 
vices game are dangling 
in front of us looks more 
like a turnip. The fund- 
amental question is: 
Where are these new 
services going to come 
from? The short answer 
is, they will be written 
either by the vendors of 
major Web services frameworks 
(Microsoft, Sun, HP, Oracle), 
specialist Web service providers, 
or by organizations developing 
them for internal use and then 
sharing them with their business 
partners or the world at large. 
Unfortunately, the average or- 
ganization seeking production- 
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quality Web services from these 
sources is likely to walk away dis- 
appointed, and here's why. 

I n an effort to establish them- 
selves in the market, the key 
players are all promising to pro- 
vide a wide assortment of Web 
services to help organizations 
get started. But if you look at 
what they're promising 
to bring to the table, and 
compare it with what is 
actually needed to devel- 
op a production-quality 
solution, you'll see a cav- 
ernous gap. Things like 
security, authentication, 
payment processing and 
user registration are all 
important parts of most Web- 
based applications, but the reali- 
ty is that the time and money 
saved by not having to develop 
these components from scratch 
is likely to be negligible when 
compared with the total cost of 
the project. By far the greatest 
amount of effort is expended in 
coding the organization-specific 



business rules and workflows. So 
while the "foundation" Web ser- 
vices are important, organiza- 
tions looking to realize real sav- 
ings in application development 
costs will have to look elsewhere. 
One obvious place to look is 
the ever-growing army of Web 
service providers. But consider 
this: These providers have been 
around since the dawn of 
the Internet. Currently there 
are countless organizations that 
provide news and weather, stock 
prices, special offers and other 
information via live feeds across 
the I nternet. W hy don't you use 
them? Obviously because the 
services aren't of much use to 
the majority of organizations. I 
suggest that nothing much will 
change. Granted, when Web 
services really take off, and the 
market for such services grows, 
new players will enter the mar- 
ket and begin offering a greater 
and more diverse array of ser- 
vices. The problem is that in 
order to maximize profits, these 
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your corporate I SP offer such an 
option within 12 months. 

4. The logical corollary: 
Hosting companies should 
consider partnering with, 
investing in or acquiring dis- 
tributed computing compa- 
nies to offer their own 
streaming P-to-P services. 

ISPs and Web-hosting firms, 
let's face it: If your customers 
do any sort of broadcasting, it's 
already better to join the P-to-P 
streaming companies than try 
to beat them. With estimated 
bandwidth savings ranging 
from 50 percent to 90 percent, 
hosting firms and I SPs owe it to 
themselves to at least give P-to- 
P streaming a try. Enterprises 
may want to anticipate these 
deals— perhaps even by en- 
couraging their I SP to find such 
partnerships. 

5. Traditional content 
delivery networks won't sur- 
vive the next wave of con- 
solidation and competition 
without an infrastructure 

partner. Williams owns 49 per- 
cent of iBeam. Cable and Wire- 
less picked up all of Digital 
Island, lock, stock and barrel. 
While building a monster net- 
work of servers and data cen- 
ters to deliver far-flung content 
may have made sense a few 
years ago, these days the num- 
bers won't work without a tel- 
co's economy of scale. Look for 



more telco/delivery network 
marriages soon. 

6. Hybrid traditional con- 
tent delivery networks with 
P-to-P content delivery at 
the edge will begin to form. 

Akamai may have the muscular 
network of nearly 12,000 
servers and a lot of cash flow, 
but it can no longer afford to 
maintain its high-flying in- 
frastructure. At some point 
it will acquire or license tech- 
nology from P-to-P content 
delivery vendors. The market is 
growing rapidly enough that 
it will have its choice of poten- 
tial vendors/partners from 
which to choose. 

7. Security issues raised 
by P-to-P could remain criti- 
cal for at least the next 12 
months; enterprises, howev- 
er, need not share these 
fears. On-demand P-to-P con- 
tent delivery can raise some 
security questions. I f a Webcast 
reserves chunks of a consumer's 
hard disk and passes informa- 
tion along via successive hard 
disks, only the most stringent 
attention to security could lock 
down the data well enough to 
please those with serious secu- 
rity concerns. 

On the other hand, enter- 
prises whose PCs lie behind a 
firewall may wish to initiate 
Webcasts only from within 
that firewall, and therefore 



may not fear security breaches 
nearly as much. 

F or the near term, however, 
those critics who dislike, fear or 
compete with P-to-P streaming 
do have some leverage when they 
complain that there are inherent 
security concerns in sharing 
hard disks for on-demand P-to-P 
Webcasting. Even if a P-to-P 
content delivery solution doesn't 
use this method, P-to-P CDNs 
will find themselves defending 
against this "straw man" in their 
sales meetings. 

8. P-to-P content delivery 
providers will need to own 
key channels of their busi- 
ness. With ChainCast acquir- 
ing Internet radio broadcaster 
StreamAudio and ramping up 
rapidly in its delivery channels, 
the first shoe has fallen. This 
deal illustrates an important 
principle— that P-to-P content 
delivery may work better if 
providers pick up others down- 
stream in their delivery plans. 

Expect to see more acquisi- 
tions integrating P-to-P deliv- 
ery networks with their chan- 
nels in the near future. F urther 
acquisitions are likely in the 
Webcasting arena, as P-to-P 
content companies acquire fi- 
nancial fulfillment technology 
firms in order to offer a more 
complete content sales option 
to customers. Along the way, we 
also expect to see broadcasters 



work the deal in the opposite 
direction, acquiring P-to-P de- 
livery networks to shore up 
their distribution mechanisms. 

9. P-to-P content delivery 
vendor public offerings are 

on the way. Sometime in the 
second quarter of 2002, after the 
I PO market recovers, look for a 
few of the players with positive 
cash flow and big-name partners 
to hit the public markets. 

10. P-to-P content deliv- 
ery will find consumer ac- 
ceptance quietly, but widely. 

The P-to-P content delivery 
market is maturing more quiet- 
ly than most, but it has a better 
chance of gaining traction than 
it may appear at first glance. 
Consumers are already familiar 
with user-to-user computer 
sharing through networks like 
Napster and Gnutella. If ex- 
plained properly, P-to-P CDN 
plug-ins won't be hard for con- 
sumers to swallow. 

With a growing number of 
intelligent, decently funded 
companies seeding the market 
with this technology, consumer 
and, for that matter, enterprise 
acceptance will firm up with 
seeming suddenness within six 
to 12 months. I 

Anne Zieger is principal analyst 
with PeerToPeerCentral.com, 
an independent research firm 
covering this technology. 



vendors will concentrate on 
providing services targeted at 
as many customers as possible 
(since it costs the same amount 
to develop a service for one cus- 
tomer as it does for 10,000). 
This will ultimately result in a 
very deep but narrow market 
with lots of vendors providing a 
small range of services (the 
most profitable ones). 

ORDINARY ORGANIZATIONS 

Over the years, I've been in- 
volved in many software devel- 
opment projects during which 
we developed funky components 
that I 'm certain could have been 
used by other organizations. Of 
these countless components, 
how many do you think were 
packaged up and sold? Precisely 
zero. This isn't surprising. For 
organizations whose primary 
business has nothing to do with 
software, it's hardly worth both- 
ering with all the details involved 
in taking an in-house component 
and taking it public (marketing, 
licensing, legal issues, support, 
upgrades, etc.). If organizations 
are reluctant to do this with tra- 
ditional (e.g., COM) compo- 



nents, why would anything 
change with Web services? And 
in any event, why would anyone 
use a Web service from an orga- 
nization that might decide that 
it's too much trouble and pull the 
plug at any time? 

The major proponents of 
Web services are going to great 
lengths to convince the world 
that in the near future you'll be 
able to take a number of best-of- 
breed "building blocks" (Web 
services) and assemble them 
into an application that will meet 
your every need. The reality is 
that these Web services will have 
to be provided by someone that 
deems it profitable to do so. 
When you look closely, though, 
there are very few services that 
appear to be profitable, and 
those that are profitable are 
already being offered. Since 
Web services are unlikely to 
materially alter the cost/revenue 
structure of providing these ser- 
vices, there doesn't appear to be 
much hope of seeing a great deal 
of innovation. I 

Raf Cammarano is a software de- 
velopment consultant in Australia. 
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WESTSIDE STORY AN 
UNDERSTATEMENT 

I read your article ["Westside 
Story: Ex-M icrosoft Visionaries 
Create Hosted IDE," Nov. 15, 
page 1, www.sdtimes.com/news 
/042/story2.htm]. I am cur- 
rently evaluating this product 
and what you say is right on the 
money. This product is an under- 
statement of achievement vs. 
Internet buzz. It does not need 
it. It has millions of Microsoft 
Access users as potential clients. 

I I has the potential to be a defin- 
ing software development on 
the Web. Try to top that, racle/ 
Microsoft/IBM! 

Andre Thouin 

RECOVERING FROM DISASTER 

David Rubinstein's column 
["Modeling at Ground Zero," 
Nov. 1, page 38, www.sdtimes 
.com/cols/moneywatch_041.htm] 
was a good story. I have 20+ 
years background in the Canadi- 
an Air Force, where disaster 
recovery was of paramount 
importance. I now work for 
the provincial government in 



Alberta where we have, shall 
we say, slightly less concern for 
"disaster." 

Dan Marshall 

Coordinator, Information 

M anagement 

Alberta, Canada 

GOOD INFORMATION 

Wayne Rash's column ["Win- 
dows XP I s H ere. N ow W hat?" 
Nov. 15, page 37, www.sdtimes 
.com/cols/webwatch_042.htm] 
is the only really informative 
article on XP I 've seen so far. It 
tells you something that you 
don't find in a press release 
from Microsoft. Keep up the 
good work! 
Hauke Wulff 

CORRECTION 

The Java Virtual Machine 
included in Sharp's new hand- 
held computer was misidenti- 
fied in an article in the Nov. 15 
edition ("Sharp Ships Linux- 
Based Zaurus H andheld," page 
17).TheZaurusSL-5000D uses 
the Jeode JVM from Insignia 
Solutions Inc. 
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THE APP SERVER MARKET TIGHTENS UP 



In previous columns, I have frequently 
contended that the J ava application serv- 
er market was due for some serious con- 
solidation. That time is now upon us. And 
like most traditional market shakeouts, 
this one bears two salient aspects. First, 
the winners are being quickly separated 
from the losers. Second, the competition 
among the winners is intensifying. 

According to the latest market-share 
results from D ataquest, the winners are 
BE A (41 percent), IBM's WebSphere 
(31 percent) Sun/iPlanet (13 percent) 
and Oracle (4 percent). H P's Bluestone 
is the only other vendor, according to the 
mid-2001 survey, with at least 4 percent 
penetration. H owever, I cannot see it as 
a winner. M ore on this point shortly. 

Several striking entries appear on this 
list. The old numbers, which placed BE A 
miles ahead of its competitor, Web- 
Sphere, are gone. I n 1999, IBM held just 
17 percent market share; to have nearly 
doubled this number is a remarkable feat 
(although not as remarkable as IBM's 
own claims, which place WebSphere a 
mere 4 percent behind BE A). The trend 
supports IBM 's pulling up even closer. 

Sun's iPlanet is enjoying a good run 
because of two factors: strong integrated 
features and a tight connection with 
Sun. The product line includes many 



integrated solutions absent in other 
companies' offerings (you recall that 
iPlanet's Netscape roots provide it with 
Web servers, mail servers, EAI solu- 
tions, certificate management servers, 
directory servers and more). For sites 
looking for integrated enterprise solu- 
tions, especially ones Sun will bless, 
iPlanet fills the bill well. 

The connection with Sun is 
iPlanet's good fortune. During 
the past year, iPlanet has moved 
steadily away from AOL/Net- 
scape and toward Sun's orbit. 
This is the right direction, as Sun 
knows how to market iPlanet 
products in ways that AOL could 
not and would not. H owever, the 
tight mapping to Sun may cause 
the latter difficulty because BE A pro- 
vides a fair portion of hardware sales for 
Sun, and BE A is not thrilled to have its 
hardware partner competing for the same 
customers. How Sun handles this colli- 
sion will be interesting. My bet is it will 
not back off promoting iPlanet. 

Oracle isthe other big surprise in this 
group. I opined just recently that the 
company would not fare well outside its 
installed base; but, in fact, Oracle's 9iAS 
is strong enough and bears so small a 
footprint that it is turning heads— and 
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becoming a bulwark of sales for Oracle. 
I think its spot on the market-share 
leader list is earned and likely to be 
enhanced by continued success. 

HP's Bluestone cannot endure as a 
market leader. The company has not 
been able to articulate an integrated 
Bluestone strategy. And with the signifi- 
cant distraction of the Compaq acquisi- 
tion occupying every manager at H P, the 
chances that Bluestone can stay focused 
enough to expand, or even maintain, its 
piece of the pie are slim. 

The market space occupied 
by HP is likely to be absorbed by 
the other big four. H owever, oth- 
er companies entertain hopes of 
getting some part of that slice. 
EA Server from Sybase recently 
has been making a big marketing 
push. The product is fast and 
well liked in its installed base. 
H owever, whether Sybase can be viewed 
as a real player in this market still needs to 
be established. In addition, its previous 
history of competing against IBM and 
Oracle is hardly an asset. 

Although it's not reflected by the 
market-share number, personally, I still 
contend J Run from Macromedia 
should be considered a market leader. 
The product is excellent and fills a 
need by catering to smaller sites that 
need easy-to-run J 2EE servers. Obsta- 
cles to J Run, though, are twofold: 






There aren't a lot of these sites around, 
and J Run is not a core Macromedia 
product. As to the first point, consider- 
able argument can be made that small 
sites need just servlets and JSPs. The 
full J 2E E suite, which carries consider- 
able functionality beyond these two 
basic services, is overkill at many small 
sites. And for these companies, open- 
source products such J Boss (not to 
mention Tomcat and the rest of the 
Jakarta project) may provide a suffi- 
cient solution. If so, then no smaller 
player will break into the top spots. 

Competition between IBM and BE A 
is the second aspect of this consolida- 
tion. This rivalry will intensify tremen- 
dously during the next several years. 
Because IBM sells hardware and sports 
a huge professional-services organiza- 
tion, it has the lead when it comes to 
getting into companies to pitch Web- 
Sphere. BE A still has the better technol- 
ogy, but that lead is closing now that 
IBM is awake to this market and has 
finally won J 2E E certification. D on't be 
surprised to see IBM pull ahead of BE A. 
Fortunately for both participants, the 
market is predicted to triple in the next 
three years, according to analyst firm 
Giga. As in all such dogfights, though, 
consumers are the winners. E njoy. I 

Andrew Binstock is the principal analyst 
at Pacific Data Works LLC. 
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WEB SERVICES: MORE SMOKE THAN FIRE 



Ever since Microsoft decided that 
Web services provided by .NET 
were the next big wave for software 
development, all too many developers 
have gone gaga over Web services. 

Excuse me as I yawn. I've endured 
too many attempts to repaint the old 
client/server metaphor to find yet anoth- 
er version all that exciting. At heart, Web 
services are yet another attempt to run 
most of an application's bulk at a serv- 
er/mainframe while the client/terminal 
handles the presentation level. 

This model's charms are easy to see: 
centralized control of the data and appli- 
cation. The problems, which all too 
many people fail to see, are poor local 
performance for users and a bandwidth 
stranglehold that makes even speedy 
applications seem pokey. 

Don't believe me? Consider such flops 
as the diskless workstation, the Network 
Computer, theJavaStation and application 
service providers. Yes, in their place— very 
small places— these ideas can and do 
work. D on't ever think, though, no matter 
what M icrosoft or Sun says, that Web ser- 
vices over the I nternet are going to revolu- 
tionize computing. It hasn't happened 
before; it's not going to happen now. 

F or you see, when you get through the 
alphabet soup of Web services— XM L, 
SOAP, UDDI and WSDL-what Web 



services really amount to is another meal 
of network programming and remote pro- 
cedure calls (RPCs). That's nice, but it's 
not the next era in enterprise computing. 

The one thing they do have to offer is 
that for the network front-end program- 
mers, writing applications with XM L and 
all that really should be much easier than 
it has been before. For the first time, 
we'll have an open, standards- 
based environment for writing 
network services that doesn't 
require programmers to know 
TCP/IP sockets and C better 
than they know their mothers. 

Under the surface, it's a dif- 
ferent story. F or the J ava world, 
you'll still need expert program- 
mers who can handle J2EE, 
database integration, EJBsand security. 

I can't emphasize that last point 
strongly enough. Whether there's a 
.NET or aJ2EE server in the back, no 
one has done much with securing Web 
services' front end. With their mix of so- 
new-that-the-shine-hasn't-worn-off pro- 
tocols, many early Web services deploy- 
ments will have major security holes 
unless you start filling them now. 

Let's also keep in mind that Web ser- 
vices are so new that we'll be building ap- 
plications on protocols that are still in a 
state of flux. For example, UDDI is an 
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open framework for describing and inte- 
grating Web services with an operational 
registry, but it's still being designed and 
hasn't been given to a standards organiza- 
tion. The tools aren't much more mature. 
While we already have BEA's Web- 
Logic 6.1 and IBM's WebSphere 4.0 as 
the No. 1 and No. 2 of J2EE application 
servers, Sun also wants to make a big 
splash in Web services with its Open Net- 
work Environment (ONE). If nothing 
else, it's a good idea as a PR counter to 
Microsoffsconstant.NET public 
relations blitz, but the follow- 
through is lacking. 

The technical heart of Sun 
ONE is the J AX Pack. Peter 
Kacande, Sun's senior product 
manager for bringing Java's APIs, 
architectures and technologies to 
XML, writes that "it's an all-in- 
one download of Java technolo- 
gies for XML. In J2EE the J AX Pack 
offers developers native API s in their J ava 
technology-based applications to act 
directly on XML and on various XML- 
derived standards, without having to 
implement XM L protocols or XM L -based 
standards on their own." 

So far, so good. But where are the 
pieces? J AXP, the J ava API for XML Pro- 
cessing, should be out first. After that, 
JAXM will provide developers with SOAP 
1.1 support, followed byJAX-RPC, which 
will give J ava an API to build XML -based 
RPCs. Sometime later, ebXM L and 



UDDI support with J AXR will show up. 

It sounds good, doesn't it? What's not 
to like about a nice development kit that 
will let anyone working with anyJ2EE 
application server create open XM L Web 
services? But the key question is: When 
will it show up? Well, after talking to Sun 
people and network developers, I think 
Sun ONE really won't take off until the 
third quarter of 2002. 

I don't like that one bit. While .NET 
isn't as mature as M icrosoft would have 
you believe, ONE still will run far behind 
.NET in market acceptance. And, to be 
cynical about it, by the time ONE finally is 
ready to be N o. 1, 1 expect Web services to 
have outlived their hype and be seen for 
the network middleware they really are. 

So if you want to get whatever sales 
benefits you can gain from Web services 
today and do it in Java, what should you 
do? I'd do it with existing J 2EE servers 
like those from BE A and IBM. 

Regardless of what you use, you can't 
afford to wait for N E . G etting Web ser- 
vices right and out in time to ride the 
market wave isn't going to give you much 
time. Web services are no miracle cure- 
all, but they can still benefit your front- 
end programmers and bump your profits 
upward— if you work on them today. I 

Steven J. Vaughan-Nichols has been writ- 
ing about technology for more than 15 
years and also has worked as a program- 
mer for NASA and the Dept. of Defense. 
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Meet the .NET Developer's Boss 

Last week, she finished looking at the betas of Visual Studio.NET and 
other portions of Microsoft's .NET strategy. It's not perfect, but it'll do. 
She's been successful in reducing the number of deployment platforms in 
the server room to three: Windows, HP-UX and AS/400. Although Linux 
and J2EE have a lot of potential, the CIO agrees that for now, it makes 
more sense for her team to continue following the Microsoft track to 
leverage huge investments in software, training, and code. 



But that doesn't mean that she blindly follows Redmond's advice. Windows 
and COM+ are only two pieces of a very complex puzzle. Her department 
still has a lot of programmers who know Visual Basic 6, and she has no in- 
tention of retraining them to use C#or C++, or forcing them to abandon 
Delphi, JBuilder or Rose. Somebody has to be the voice of reason and it 
can't be the individual programmers, who care more about cool interfaces 
and not enough about component reuse and cross-project standards. 
That's why she controls the checkbook. 

What does she read? Not the Visual Basic or code-centric programming 
magazines. They're too hung up on the latest technical details; immersing 
herself in SOAP APIs won't help her manage a 40-person software team. 
Not Web sites. MSDN is great for explaining Microsoft's newest buzzword, 
but doesn't provide the balanced big-picture view she needs. She needs 
to see it all: all the vendors, all the languages, all the platforms. She 
needs to know the trends, the products, the alliances, the initiatives, 
the NEWS, and what it all means. That's why she reads SD Times. 
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SECURITY RANT, PART III 
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hen fired upon, return the fire." 
Supposedly, that's a genuine police 
expression, but I can't be sure because 
the only cops I've ever heard utter it 
were Billy Crystal and Gregory H inesin 
"Running Scared." It's come to mind, 
however, as my last few underwhelmed- 
with-M icrosoft's-security columns were 
firing some fairly heavy shots in Red- 
mond's direction, and some shots came 
back in my direction. A number of read- 
ers pointed out that I had failed to men- 
tion that .NET offers security features 
besides authentication. 

That's true, and as a Visual Basic 
enthusiast I'm certainly aware of 
them— but there's only so much you can 
shoot in half a newspaper page, which is 
why this little security rant was split up 
into a trilogy. The .NET authentication 
issues were broken out into a separate 
column because of their immediate 
importance. Redmond wants its brand 
of Web services and application build- 
ing blocks to dominate the Internet as 
soon as possible, and authentication is 
today's big hurdle. 

Hailstorm has been renamed .NET 
M y Services, Passport has been cracked, 
and now M icrosoft is looking to ally with 
the very folks constituting Passport's 
competition. Where the ride ends 
nobody knows, but as both an e-com- 
merce consumer and developer, I can't 



honestly say I trust either Passport's 
technical implementation or its market- 
ing implications. In other words, 
M icrosoft has a lot of meat left to chew 
on the authentication services bone. 

But that still leaves security for .NET 
developers— what's the framework got 
now that, say, Visual Basic 6 program- 
mers didn't have before? Well, there's 
good news. Microsoft has built 
a much more robust security 
framework into .NET than 
M icrosoft developers have ever 
enjoyed on any other platform 
including COM or ActiveX. 
Those previous generations 
existed primarily in a trust- 
based security model, which is 
mainly responsible for the large 
number of compromises users have 
found in Microsoft-spawned code over 
the years. A trust model is simply too 
forgiving once trust is established or 
spoofed in some fashion. 

But.NET changes that with a system 
that not only borrows Java's sandbox 
model, but also adds identification and 
robust access and permission features. 
I n essence, users will no longer have to 
click "OK" to allow their system to trust 
newly encountered distributed code; but 
unlike J ava, where that code is then rel- 
egated to a system sandbox, .NET will 
still allow access to certain system 
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resources as long as the code passes 
proper security checks. 

The bedrock of this security system 
is that .NET requires all code to identi- 
fy itself to encountered systems with 
information including not only the soft- 
ware's publisher and Web site, but also 
its network zone, DNS and similar 
information. Based on this identity, 
administrators can assign code access 
security not only to specific code but 
also to specific code running in specific 
environments. That means that 
an application running inside 
a Windows GUI environment 
might have different permis- 
sions than the same code run- 
ning via the Web. 

Sound like some extra work? 
You're right. All this is based on 
a properly configured security 
policy manager that ships with 
the .NET runtime. Developers and 
administrators will need to configure 
the security manager in order to estab- 
lish the best security policy for the 
application. But wait, that's not all; 
M icrosoft has gone deeper than identi- 
ty-based permissions, allowing the 
security policy to assign role-based 
security permissions. 

And if that's not enough, developers 
can get even more granular using 
.NET'S declarative and imperative 
security features. Declarative security 
allows programmers to assign attribut- 
es to specific classes, methods and sim- 



ilar code snippets at load or runtime. 
Imperative security is almost the 
reverse, allowing the system to make 
security demands of the underlying 
security system. Last but not least, 
M icrosoft also has included a number 
of cryptography classes in the .NET 
F ramework to round out a very robust 
"permissioning" system with a dense 
perimeter of encryption. 

H ow does all this functionality work 
out in real life? I'm hoping you guys 
will let me know. Anyone having had 
experience with .NET'S new security 
muscle can feel free to let me know at 
orist@mindspring.com. And for those 
still looking to get experience, check 
out M icrosoft's Strategic Technology 
Protection Program (STPP). That 
includes not only a free virus support 
number (866-PC-SAFETY) but also 
the M icrosoft Security Tool Kit (avail- 
able at www.microsoft.com/security). 
The Tool Kit CD is a menu of tools, 
system patches and service packs, but 
it also contains a number of documents 
detailing security best practices and 
specific system security descriptions. 
It's not going to turn Passport into the 
Web's authentication Fort Knox, but 
it's the best crash course in application 
security that .NET developers can find 
at the moment. I 

Oliver Rist is a freelance technology 
journalist and vice president of technol- 
ogy at AIC Inc. 



WINDOWS XP: OPPORTUNITY FOR DEVELOPERS 



When I first started running Win- 
dows XP, I thought only of frustra- 
tion. It seemed as though Microsoft 
were determined to deliver a product 
that was missing things users needed, 
and to make it difficult to add things 
they might want. For example, both 
Web developers and users depend on 
the existence of a Java Virtual M achine 
avail able to their browsers, but Windows 
doesn't come with one. Of course, Win- 
dows XP doesn't come with a few more 
things, either, including an M P3 capabil- 
ity, that consumers clearly want. 

But it does come with other things. 
For example, there's a compatibility 
database that comes with Windows. This 
feature ensures that every application 
being installed on Windows has been 
certified to work with the operating sys- 
tem. Try to install something not on the 
list, and you get a warning. 

The fact is, however, that the items 
missing from Windows are as much an 
opportunity for Web developers as they 
are a limitation. The lack of a JVM is a 
good example. While the missing J ava is 
a result of M icrosoft's protracted (and 
ultimately unsuccessful) litigation with 
Sun, it does remove a needed compo- 
nent from today's Web environment. 
And while Microsoft doesn't include 
the JVM , apparently because it's still in 



a snit about losing the suit, that doesn't 
mean you can't use Java. It just means 
your users have to get it themselves, or 
that your IT staff members have anoth- 
er step in their process of prepping 
WindowsXP PCs. 

So what does that mean to you? It 
means that you now have more control 
in some ways. For example, if 
you wish, you can provide a 
link to the JVM you want your 
site visitors to use, and offer 
them a chance to download it. 
That way, you can be absolute- 
ly certain that everything you 
offer that requires Java will 
work as intended. 

Of course, you can also cre- 
ate alternate pages on your site: perhaps 
one for users with Java, and another 
without it. 1 1 may be more complex, and 
more expensive to develop this way, but 
again, you'll have more control over the 
way your pages appear because you'll 
know exactly what your visitors are 
using, and how it reacts with your page 
design. This also means that you can 
now do without those e-mails from 
annoyed users with one browser or the 
other who can't manage to see or use 
whatever it was that you wrote. 

The lack of other features offers sim- 
ilar opportunities for control. Are you 
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creating a site that uses M P3 files? Per- 
haps you're a small publisher, and this is 
how you distribute music. Or perhaps 
you use MP3s as a way to distribute 
training materials that employees can 
listen to on their CD players. Now you 
can offer a way to download a player that 
you want your site visitors to use, rather 
than just any old player they happened 
to have come across. 

If you're in the business of distribut- 
ing audio files in M P3 format, 
this is especially attractive, 
because you can use a player 
that both works with your prod- 
ucts and gives you the best 
business advantage. Perhaps 
you can display your logo, your 
upcoming releases or another 
commercial message while 
your visitors are listening to 
your product. Even better, at least 
some of those people also will use your 
player as their offline source of music, 
giving you even more exposure. 

The compatibility database can be 
more problematic, especially for devel- 
opers of in-house applications that 
have both Web-based and client-based 
components. You may find that when 
you attempt to install the client portion 
of the application, you get a warning 
that the application may not work 
properly. You're not prevented from 
installing the application, however. In 
this case, you only need to train your 



IT staff to ignore the warnings and pro- 
ceed with installation. 

F or Web-based applications, though, 
the story is different. Windows XP 
makes no attempt to check applications 
that are run over the Web, so for that 
situation, you're home free. In fact, 
Windows XP may be the incentive you 
need to make sure your Web-delivered 
applications are purely Web based. It 
helps for compatibility all around, and it 
no longer matters which operating sys- 
tem your users have on their clients. 
Whatever they have, they can run what 
you've created. 

Of course, there are many changes in 
Windows XP that can affect developers 
of all types. Some changes are good, pro- 
viding developers with capabilities they 
didn't have before, and others take away 
features that were once useful. Overall, 
for Web developers at least, moving to 
Windows XP is a big improvement, if 
only because it offers some hope that 
the platform your site visitors are using 
is more consistent than it was in the past. 
I n addition, it gives you a reason to cre- 
ate the Web-based applications you 
need with the support you want. As a 
result of these changes, you can at least 
be more confident that you'll have some 
idea of what to expect from your users. 
And it's hard to complain about that. I 

Wayne Rash is a technology journalist 
and consultant. 
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BREAKING RUP NOT HARD TO DO 



Whether you are a software manager 
working at Boeing or heading up 
production at a three-man shop, you 
undoubtedly have an established process 
for creating new applications. Everyone 
needs to know how to get from point A to 
point B and points beyond until the pro- 
ject is completed. There needs to be an 
architecture and a step-by-step plan in 
place for creating software; large-scale 
projects require a model. Then, 
there must be definitions of how 
pieces of the model interact with 
one another, where they fit into 
the architecture, and how and 
when members of a development 
team are to complete their tasks. 

Processes, really, are nothing 
more than the best practices an 
organization uses to create soft- 
ware applications. Some are created in- 
house, some come from vendors, and still 
others are available from consultants. But 
thegranddaddyofthemall isthe Rational 
U nified Process (RU P), formalized in the 
early 1990s after years of work in the 
modeling and component-development 
arenas by Ivar Jacobson, Grady Booch 
and J ames Rumbaugh, and widely seen as 
the definitive set of best practices. 

1 1 is also seen in many circles as an 800- 
pound gorilla. With its modeling and use- 
case requirements and lengthy methods, 
the RUP has been likened in smaller 
development shops to extinguishing a 
match with a fire hose. Other, more light- 
weight processes, such asXP and Crystal, 
as well as those from companies such as 
TogetherSoft and Computer Associates, 
have been alternatives to Rational simply 
because they are the right size for many 
smaller projects. 

Yes, even Rational admits it cannot 
produce every process known to man. 
But what they have done is to reconfig- 
ure the Unified Process into a compo- 
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tions to use only the parts of the process 
necessary for their product, and to cre- 
ate a framework that allows plug-ins 
from third-party vendors. 

Rational did have a program called 
Variants, which allowed third parties to 
create modified versions of the Unified 
Process. B ut according to Rational's direc- 
tor of product marketing D ave Locke, this 
created confusion because customers 
could not tell if they were actual- 
ly using the RUP or some varia- 
tion on the process theme. 

"We see an opportunity for 
customers to fine-tune RUP for 
their specific area," Locke said. 
"They can tie in existing processes 
and eliminate the parts of it they 
don't use. Now they're extending 
RUP without altering RUP." 
I n effect, Rational is moving from sell- 
ing a process to creating a process delivery 
vehicle. Is this an acknowledgement that 
to many smaller, non-Rational develop- 
ment shops, the barriers to the Unified 
Process— weight, complexity— were 
greater than the benefits? Locke would 
say only that Rational sees this move as a 
way to bring business processes into more 
organizations. With a price of $695 per 
developer seat that includes the first year's 
maintenance, Rational is looking to gain 
entry into organizations that are not now 
customers. And, by extending the RUP to 
include third-party plug-ins, Rational is 
trying to show that the RU P is not exclu- 
sive to Rational tools. "The business 
processes associated with other tools— we 
would never write that stuff," Locke said. 
"N ow they can roll them into RUP. We're 
trying to build a process ecosystem." 

The RUP Framework, available this 
month, consists of core RUP components 
as well as places to plug in partner 
process components based on technolo- 
gy, tools and domains, and customer 



nent framework that allows organiza- plug-ins with specifics about a company 



or a project. There currently are nine 
plug-ins: J2EE, WinDNA, .NET and 
Realtime on the technology side; Web- 
Logic, WebSphere and HP-AS applica- 
tion servers; and business modeling and 
user experience modeling. They are avail- 
able at the RUP Exchange on the Ratio- 
nal Developer Network (www.rational 
.com/services/rdn/index.jsp). 

Agile processes, which are lighter and 
less complex, are something that Ratio- 
nal is looking at, Locke said. "They have 
the same goal as the RUP," he said. "It's 
a different perspective for trying to 
achieve one thing, and that's more reli- 
able software development. We think 
the agile movement is a good one." 

On the lightweight process front, 
Rational is creating an agile process 
roadmap, which Locke described as a 
way to get from point to point, and 
assists developers in choosing which 
pieces of the RU P to string together. 

The RUP Framework comes with an 
enhanced version of the Rational Pro- 
cess Workbench, an OM G-compliant 
process modeling tool that can graphi- 
cally show project leaders where to 
place the proprietary plug-ins, and a 
new tool called RUP Builder, a config- 
uration tool based on inference tech- 
nology that helps developers choose 
plug-ins for a project that are not in 
conflict with each other. "You can't 
select RUP Microsoft and RUP IBM, 
for example, as one is .N ET and one is 
Java," Locke explained. 

So, why do so many development 
shops continue along with their "Go for 
it!" coding mentality, failing to properly 
design software projects? "It's in their 
culture," Locke opined. 

Getting development shops to 
counter that culture with a well-architect- 
ed process can result only in better use of 
resources, increased developer produc- 
tivity and more reliable software. I 

David Rubinstein is executive editor of 
SD Times. 



Which Embedded Platforms Are Developers Targeting? 
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Despite the recent gains by embedded operating sys- 
tems like Linux, VxWorks, Windows CE and QNX, the 
most popular operating systems in use are propri- 
etary tools developed in-house. According to a sum- 
mer Embedded Systems Developer Survey, 45.7 
percent of all embedded developers report that 
homegrown operating systems are at the heart of 
current projects or will be used for future projects. 

What about outside operating systems? The front- 
runner is embedded Linux, where 45.1 percent of users 
indicated that it's a target platform. Wind River's 
VxWorks leads the other commercial systems, with 
32.9 percent choosing it, followed by Microsoft's Win- 
dows CE (27.5%) and DOS (22.8%), Lynuxworks' Lynx- 
OS (13.8%), Wind River's VxWorks AE (12.5%), QNX 
Software Systems' QNX (12.4%) and FreeBSD (10.9%). 
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VA Linux Systems Inc. has reported a net loss of 
$8.7 million for the first fiscal quarter of 2002, and 
has renamed the company VA Software to better 
reflect its makeover earlier this year from selling 
hardware to focusing on its SourceForge develop- 
ment product. For the quarter ended Oct. 27, the 
company reported revenue of $5.6 million, while 
posting a net loss of $8.7 million or 16 cents per 
share, excluding noncash, restructuring and special 
items. The company, with approximately $71 million 
in cash still on hand, expects revenue for the second 
quarter to be somewhere in the ballpark of $4 mil- 
lion to $4.5 million, while anticipating a net loss of 
$8 million to $8.5 million . . . Serena Software Inc., 
provider of source code and Web content manage- 
ment software, reported earnings of 17 cents per 
share on revenue of $23.2 million for the third quar- 
ter, ending Oct. 31 . . . Ascential Software Corp. 
has acquired privately held Torrent Systems Inc. 
for a reported $46 million in cash. Torrent, which 
has developed technology for parallel processing, 
will increase the scalability of DataStage, Ascen- 
tial's data integration product line, according to the 
companies. Ascential claimed the acquisition will 
allow it to address large-scale data integration 
environments, saying that few vendors can offer 
solutions in that market space. Torrent's 60 
employees will be kept on by Ascential. I 



Bi CALENDAR OF EVENTS 



LinuxWorld 
Conference & Expo 

New York, IDG WORLD EXPO 
www.linuxworldexpo.com 



Jan. 29-Feb. 1 



Embedded Feb. 3-6 

Executive Summit 

Half Moon Bay, Calif., CMP MEDIA LLC 
www.esconline.com/exec 



Wall Street 

on Java Technology 

New York 

LIGHTHOUSE PARTNERS INC. 

& FLAGG MANAGEMENT INC. 

www.javaonwallstreet.com 



Feb. 4-5 



Software Feb. 11-15 

Management 2002 

Anaheim, Calif. 

SOFTWARE QUALITY ENGINEERING 

www.sqe.com/sm 

Applications of Feb. 11-15 

Software Measurement 2002 

Anaheim, Calif. 

SOFTWARE QUALITY ENGINEERING 

www.sqe.com/asm 

VSLive 2002 Feb. 11-16 

San Francisco 

FAWCETTE TECHNICAL PUBLICATIONS 

www.vslive.com/2002/sf 

Internet Feb. 19-21 

Appliance Workshop 

San Jose, Calif. 

INTERNET APPLIANCE WORKSHOP 

www.netapplianceconf.com 

Wireless One Feb. 19-21 

Conference & Expo 

Santa Clara, Calif., INT MEDIA GROUP 
www.imgevents.com/wireless 

Information is subject to change. Send news about 
upcoming events to events@bzmedia.com. 



Perforce Software Configuration Management 
handles the biggest projects on earth. 
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